docker/quay
1
0
Fork 0
mirror of https://github.com/quay/quay.git synced 2026-01-26 06:21:37 +03:00
Code Activity
Files
master
quay/util/config/schema.py
Shaon H 92b6f4729a feat(mirror): organization-level mirror config CRUD APIs (PROJQUAY-1266) (#4923) 
* mirror: Add FEATURE_ORG_MIRROR feature flag (PROJQUAY-1266)

Add organization-level repository mirroring feature flag to enable
the new org mirroring functionality. Feature is disabled by default.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* mirror: Add GET endpoint for org mirror config (PROJQUAY-1266)

Implements the GET /v1/organization/<org>/mirror endpoint to retrieve
organization-level mirror configuration. Includes business logic layer
with get_org_mirror_config() and comprehensive unit tests.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* mirror: Add POST endpoint for org mirror config (PROJQUAY-1266)

Add create endpoint for organization-level mirror configuration:
- POST /v1/organization/<orgname>/mirror creates new config
- Validates robot account ownership and credentials
- Returns 201 on success, 409 if config already exists

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* mirror: Add DELETE endpoint for org mirror config (PROJQUAY-1266)

Add delete endpoint for organization-level mirror configuration:
- DELETE /v1/organization/<orgname>/mirror removes config
- Also deletes all associated discovered repositories
- Returns 204 on success, 404 if config doesn't exist

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* mirror: Add PUT endpoint for org mirror config (PROJQUAY-1266)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix test failure

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-19 16:01:15 -08:00

2426 lines
101 KiB
Python
Raw Permalink Blame History

# INTERNAL_ONLY_PROPERTIES defines the properties in the config that, while settable, should
# not be documented for external users. These will generally be used for internal test or only
# given to customers when they have been briefed on the side effects of using them.
INTERNAL_ONLY_PROPERTIES = {
"__module__",
"__doc__",
"__annotations__",
"create_transaction",
"SESSION_COOKIE_NAME",
"SESSION_COOKIE_HTTPONLY",
"SESSION_COOKIE_SAMESITE",
"DATABASE_SECRET_KEY",
"V22_NAMESPACE_BLACKLIST",
"OCI_NAMESPACE_WHITELIST",
"FEATURE_GENERAL_OCI_SUPPORT",
"FEATURE_HELM_OCI_SUPPORT",
"FEATURE_NAMESPACE_GARBAGE_COLLECTION",
"FEATURE_REPOSITORY_GARBAGE_COLLECTION",
"FEATURE_REPOSITORY_ACTION_COUNTER",
"FEATURE_MANIFEST_SIZE_BACKFILL",
"TESTING",
"SEND_FILE_MAX_AGE_DEFAULT",
"DISABLED_FOR_AUDIT_LOGS",
"DISABLED_FOR_PULL_LOGS",
"FEATURE_DISABLE_PULL_LOGS_FOR_FREE_NAMESPACES",
"FEATURE_CLEAR_EXPIRED_RAC_ENTRIES",
"FEATURE_IMAGE_PULL_STATS",
"PULL_METRICS_WORKER_COUNT",
"REDIS_FLUSH_INTERVAL_SECONDS",
"ACTION_LOG_MAX_PAGE",
"NON_RATE_LIMITED_NAMESPACES",
"REPLICATION_QUEUE_NAME",
"DOCKERFILE_BUILD_QUEUE_NAME",
"CHUNK_CLEANUP_QUEUE_NAME",
"NOTIFICATION_QUEUE_NAME",
"REPOSITORY_GC_QUEUE_NAME",
"NAMESPACE_GC_QUEUE_NAME",
"EXPORT_ACTION_LOGS_QUEUE_NAME",
"SECSCAN_V4_NOTIFICATION_QUEUE_NAME",
"PROXY_CACHE_BLOB_QUEUE_NAME",
"FEATURE_BILLING",
"BILLING_TYPE",
"INSTANCE_SERVICE_KEY_LOCATION",
"INSTANCE_SERVICE_KEY_REFRESH",
"INSTANCE_SERVICE_KEY_SERVICE",
"INSTANCE_SERVICE_KEY_KID_LOCATION",
"INSTANCE_SERVICE_KEY_EXPIRATION",
"UNAPPROVED_SERVICE_KEY_TTL_SEC",
"EXPIRED_SERVICE_KEY_TTL_SEC",
"REGISTRY_JWT_AUTH_MAX_FRESH_S",
"SERVICE_LOG_ACCOUNT_ID",
"BUILDLOGS_OPTIONS",
"LIBRARY_NAMESPACE",
"STAGGER_WORKERS",
"QUEUE_WORKER_METRICS_REFRESH_SECONDS",
"PUSH_TEMP_TAG_EXPIRATION_SEC",
"GARBAGE_COLLECTION_FREQUENCY",
"PAGE_TOKEN_KEY",
"BUILD_MANAGER",
"SECURITY_SCANNER_V4_REINDEX_THRESHOLD",
"STATIC_SITE_BUCKET",
"LABEL_KEY_RESERVED_PREFIXES",
"TEAM_SYNC_WORKER_FREQUENCY",
"JSONIFY_PRETTYPRINT_REGULAR",
"TUF_GUN_PREFIX",
"LOGGING_LEVEL",
"SIGNED_GRANT_EXPIRATION_SEC",
"PROMETHEUS_PUSHGATEWAY_URL",
"DB_TRANSACTION_FACTORY",
"NOTIFICATION_SEND_TIMEOUT",
"QUEUE_METRICS_TYPE",
"MAIL_FAIL_SILENTLY",
"LOCAL_OAUTH_HANDLER",
"USE_CDN",
"ANALYTICS_TYPE",
"LAST_ACCESSED_UPDATE_THRESHOLD_S",
"GREENLET_TRACING",
"EXCEPTION_LOG_TYPE",
"SENTRY_DSN",
"SENTRY_PUBLIC_DSN",
"BILLED_NAMESPACE_MAXIMUM_BUILD_COUNT",
"THREAT_NAMESPACE_MAXIMUM_BUILD_COUNT",
"IP_DATA_API_KEY",
"REPO_MIRROR_INTERVAL",
"DATA_MODEL_CACHE_CONFIG",
# TODO: move this into the schema once we support signing in QE.
"FEATURE_SIGNING",
"TUF_SERVER",
"V1_ONLY_DOMAIN",
"LOGS_MODEL",
"LOGS_MODEL_CONFIG",
"V3_UPGRADE_MODE", # Deprecated old flag
"ACCOUNT_RECOVERY_MODE",
"BLOBUPLOAD_DELETION_DATE_THRESHOLD",
"REPO_MIRROR_TAG_ROLLBACK_PAGE_SIZE",
"QUOTA_INVALIDATE_TOTALS",
"RESET_CHILD_MANIFEST_EXPIRATION",
"PERMANENTLY_DELETE_TAGS",
"FEATURE_RH_MARKETPLACE",
"CDN_SPECIFIC_NAMESPACES",
"DEFAULT_UI",
}
CONFIG_SCHEMA = {
"type": "object",
"description": "Schema for Quay configuration",
"required": [
"PREFERRED_URL_SCHEME",
"SERVER_HOSTNAME",
"DB_URI",
"AUTHENTICATION_TYPE",
"DISTRIBUTED_STORAGE_CONFIG",
"BUILDLOGS_REDIS",
"USER_EVENTS_REDIS",
"DISTRIBUTED_STORAGE_PREFERENCE",
"DEFAULT_TAG_EXPIRATION",
"TAG_EXPIRATION_OPTIONS",
],
"properties": {
"REGISTRY_STATE": {
"type": "string",
"description": "The state of the registry.",
"enum": ["normal", "readonly"],
"x-example": "readonly",
},
# Hosting.
"PREFERRED_URL_SCHEME": {
"type": "string",
"description": "The URL scheme to use when hitting Quay. If Quay is behind SSL *at all*, this *must* be `https`",
"enum": ["http", "https"],
"x-example": "https",
},
"SERVER_HOSTNAME": {
"type": "string",
"description": "The URL at which Quay is accessible, without the scheme.",
"x-example": "quay.io",
},
"EXTERNAL_TLS_TERMINATION": {
"type": "boolean",
"description": "If TLS is supported, but terminated at a layer before Quay, must be true.",
"x-example": True,
},
# SSL/TLS.
"SSL_CIPHERS": {
"type": "array",
"description": "If specified, the nginx-defined list of SSL ciphers to enabled and disabled",
"x-example": ["CAMELLIA", "!3DES"],
"x-reference": "http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers",
},
"SSL_PROTOCOLS": {
"type": "array",
"description": "If specified, the nginx-defined list of SSL protocols to enabled and disabled",
"x-example": ["TLSv1.1", "TLSv1.2"],
"x-reference": "http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols",
},
# User-visible configuration.
"REGISTRY_TITLE": {
"type": "string",
"description": "If specified, the long-form title for the registry. Defaults to `Red Hat Quay`.",
"x-example": "Corp Container Service",
},
"REGISTRY_TITLE_SHORT": {
"type": "string",
"description": "If specified, the short-form title for the registry. Defaults to `Red Hat Quay`.",
"x-example": "CCS",
},
"CONTACT_INFO": {
"type": "array",
"uniqueItems": True,
"description": "If specified, contact information to display on the contact page. If only a single piece of contact information is specified, the contact footer will link directly.",
"items": [
{
"type": "string",
"pattern": "^mailto:(.)+$",
"x-example": "mailto:admin@example.com",
"description": "Adds a link to send an e-mail",
},
{
"type": "string",
"pattern": "^irc://(.)+$",
"x-example": "irc://irc.libera.chat:6667/quay",
"description": "Adds a link to visit an IRC chat room",
},
{
"type": "string",
"pattern": "^tel:(.)+$",
"x-example": "tel:+1-888-930-3475",
"description": "Adds a link to call a phone number",
},
{
"type": "string",
"pattern": "^http(s)?://(.)+$",
"x-example": "https://twitter.com/quayio",
"description": "Adds a link to a defined URL",
},
],
},
"SEARCH_RESULTS_PER_PAGE": {
"type": "number",
"description": "Number of results returned per page by search page. Defaults to 10",
"x-example": 10,
},
"SEARCH_MAX_RESULT_PAGE_COUNT": {
"type": "number",
"description": "Maximum number of pages the user can paginate in search before they are limited. Defaults to 10",
"x-example": 10,
},
# E-mail.
"FEATURE_MAILING": {
"type": "boolean",
"description": "Whether emails are enabled. Defaults to True",
"x-example": True,
},
"MAIL_SERVER": {
"type": "string",
"description": "The SMTP server to use for sending e-mails. Only required if FEATURE_MAILING is set to true.",
"x-example": "smtp.somedomain.com",
},
"MAIL_USE_TLS": {
"type": "boolean",
"description": "If specified, whether to use TLS for sending e-mails.",
"x-example": True,
},
"MAIL_PORT": {
"type": "number",
"description": "The SMTP port to use. If not specified, defaults to 587.",
"x-example": 588,
},
"MAIL_USERNAME": {
"type": ["string", "null"],
"description": "The SMTP username to use when sending e-mails.",
"x-example": "myuser",
},
"MAIL_PASSWORD": {
"type": ["string", "null"],
"description": "The SMTP password to use when sending e-mails.",
"x-example": "mypassword",
},
"MAIL_DEFAULT_SENDER": {
"type": ["string", "null"],
"description": "If specified, the e-mail address used as the `from` when Quay sends e-mails. If none, defaults to `admin@example.com`.",
"x-example": "support@myco.com",
},
# Database.
"DB_URI": {
"type": "string",
"description": "The URI at which to access the database, including any credentials.",
"x-example": "mysql+pymysql://username:password@dns.of.database/quay",
"x-reference": "https://www.postgresql.org/docs/9.3/static/libpq-connect.html#AEN39495",
},
"DB_CONNECTION_ARGS": {
"type": "object",
"description": "If specified, connection arguments for the database such as timeouts and SSL.",
"properties": {
"threadlocals": {
"type": "boolean",
"description": "Whether to use thread-local connections. Should *ALWAYS* be `true`",
},
"autorollback": {
"type": "boolean",
"description": "Whether to use auto-rollback connections. Should *ALWAYS* be `true`",
},
"ssl": {
"type": "object",
"description": "SSL connection configuration",
"properties": {
"ca": {
"type": "string",
"description": "*Absolute container path* to the CA certificate to use for SSL connections",
"x-example": "conf/stack/ssl-ca-cert.pem",
}
},
"required": ["ca"],
},
},
"required": ["threadlocals", "autorollback"],
},
"DB_CONNECTION_POOLING": {
"type": "boolean",
"description": "Allow pooling for DB",
},
"ALLOW_PULLS_WITHOUT_STRICT_LOGGING": {
"type": "boolean",
"description": "If true, pulls in which the pull audit log entry cannot be written will still succeed. Useful if the database can fallback into a read-only state and it is desired for pulls to continue during that time. Defaults to False.",
"x-example": True,
},
"ALLOW_WITHOUT_STRICT_LOGGING": {
"type": "boolean",
"description": "If true, any action in which the audit log entry cannot be written will still succeed. Useful if using an external logging service that may be down intermittently and the registry should continue to work. Defaults to False.",
"x-example": False,
},
# Storage.
"FEATURE_STORAGE_REPLICATION": {
"type": "boolean",
"description": "Whether to automatically replicate between storage engines. Defaults to False",
"x-example": False,
},
"FEATURE_PROXY_STORAGE": {
"type": "boolean",
"description": "Whether to proxy all direct download URLs in storage via the registry nginx. Defaults to False",
"x-example": False,
},
"FEATURE_PROXY_CACHE": {
"type": "boolean",
"description": "Whether pull through proxy cache feature is enabled. Defaults to False",
"x-example": False,
},
"FEATURE_PROXY_CACHE_BLOB_DOWNLOAD": {
"type": "boolean",
"description": "Whether to enable a background worker to download placeholder blobs. Defaults to True",
"x-example": True,
},
"MAXIMUM_LAYER_SIZE": {
"type": "string",
"description": "Maximum allowed size of an image layer. Defaults to 20G",
"x-example": "100G",
"pattern": "^[0-9]+(G|M)$",
},
"DISTRIBUTED_STORAGE_CONFIG": {
"type": "object",
"description": "Configuration for storage engine(s) to use in Quay. Each key is a unique ID for a storage engine, with the value being a tuple of the type and configuration for that engine.",
"x-example": {"local_storage": ["LocalStorage", {"storage_path": "some/path/"}]},
"items": {"type": "array"},
},
"DISTRIBUTED_STORAGE_PREFERENCE": {
"type": "array",
"description": "The preferred storage engine(s) (by ID in DISTRIBUTED_STORAGE_CONFIG) to use. A preferred engine means it is first checked for pullig and images are pushed to it.",
"items": {"type": "string", "uniqueItems": True},
"x-example": ["s3_us_east", "s3_us_west"],
},
"DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS": {
"type": "array",
"description": "The list of storage engine(s) (by ID in DISTRIBUTED_STORAGE_CONFIG) whose images should be fully replicated, by default, to all other storage engines.",
"items": {"type": "string", "uniqueItems": True},
"x-example": ["s3_us_east", "s3_us_west"],
},
"USERFILES_LOCATION": {
"type": "string",
"description": "ID of the storage engine in which to place user-uploaded files",
"x-example": "s3_us_east",
},
"USERFILES_PATH": {
"type": "string",
"description": "Path under storage in which to place user-uploaded files",
"x-example": "userfiles",
},
"ACTION_LOG_AUDIT_LOGINS": {
"type": "string",
"description": "Whether to log all registry API and Quay API/UI logins event to the action log. Defaults to True",
"x-example": False,
},
"ACTION_LOG_AUDIT_LOGIN_FAILURES": {
"type": "boolean",
"description": "Whether logging of failed logins attempts is enabled. Defaults to False",
"x-example": True,
},
"ACTION_LOG_AUDIT_PULL_FAILURES": {
"type": "boolean",
"description": "Whether logging of failed image pull attempts is enabled. Defaults to False",
"x-example": True,
},
"ACTION_LOG_AUDIT_PUSH_FAILURES": {
"type": "boolean",
"description": "Whether logging of failed image push attempts is enabled. Defaults to False",
"x-example": True,
},
"ACTION_LOG_AUDIT_DELETE_FAILURES": {
"type": "boolean",
"description": "Whether logging of failed image delete attempts is enabled. Defaults to False",
"x-example": True,
},
"ACTION_LOG_ARCHIVE_LOCATION": {
"type": "string",
"description": "If action log archiving is enabled, the storage engine in which to place the archived data.",
"x-example": "s3_us_east",
},
"ACTION_LOG_ARCHIVE_PATH": {
"type": "string",
"description": "If action log archiving is enabled, the path in storage in which to place the archived data.",
"x-example": "archives/actionlogs",
},
"ACTION_LOG_ROTATION_THRESHOLD": {
"type": "string",
"description": "If action log archiving is enabled, the time interval after which to archive data.",
"x-example": "30d",
},
"LOG_ARCHIVE_LOCATION": {
"type": "string",
"description": "If builds are enabled, the storage engine in which to place the archived build logs.",
"x-example": "s3_us_east",
},
"LOG_ARCHIVE_PATH": {
"type": "string",
"description": "If builds are enabled, the path in storage in which to place the archived build logs.",
"x-example": "archives/buildlogs",
},
# Authentication.
"AUTHENTICATION_TYPE": {
"type": "string",
"description": "The authentication engine to use for credential authentication.",
"x-example": "Database",
"enum": ["Database", "LDAP", "JWT", "Keystone", "OIDC", "AppToken"],
},
"SUPER_USERS": {
"type": "array",
"description": "Quay usernames of those users to be granted superuser privileges",
"uniqueItems": True,
"items": {"type": "string"},
},
"DIRECT_OAUTH_CLIENTID_WHITELIST": {
"type": "array",
"description": "A list of client IDs of *Quay-managed* applications that are allowed to perform direct OAuth approval without user approval.",
"x-reference": "https://coreos.com/quay-enterprise/docs/latest/direct-oauth.html",
"uniqueItems": True,
"items": {"type": "string"},
},
# Redis.
"BUILDLOGS_REDIS": {
"type": "object",
"description": "Connection information for Redis for build logs caching",
"required": ["host"],
"properties": {
"host": {
"type": "string",
"description": "The hostname at which Redis is accessible",
"x-example": "my.redis.cluster",
},
"port": {
"type": "number",
"description": "The port at which Redis is accessible",
"x-example": 1234,
},
"password": {
"type": "string",
"description": "The password to connect to the Redis instance",
"x-example": "mypassword",
},
},
},
"FEATURE_USER_EVENTS": {
"type": "boolean",
"description": "Whether user events are enabled. Defaults to True",
"x-example": True,
},
"USER_EVENTS_REDIS": {
"type": "object",
"description": "Connection information for Redis for user event handling",
"required": ["host"],
"properties": {
"host": {
"type": "string",
"description": "The hostname at which Redis is accessible",
"x-example": "my.redis.cluster",
},
"port": {
"type": "number",
"description": "The port at which Redis is accessible",
"x-example": 1234,
},
"password": {
"type": "string",
"description": "The password to connect to the Redis instance",
"x-example": "mypassword",
},
},
},
"PULL_METRICS_REDIS": {
"type": "object",
"description": "Connection information for Redis for pull metrics storage",
"required": ["host"],
"properties": {
"host": {
"type": "string",
"description": "The hostname at which Redis is accessible",
"x-example": "my.redis.cluster",
},
"port": {
"type": "number",
"description": "The port at which Redis is accessible",
"x-example": 1234,
},
"password": {
"type": "string",
"description": "The password to connect to the Redis instance",
"x-example": "mypassword",
},
"db": {
"type": "number",
"description": "The Redis database number to use for pull metrics",
"x-example": 1,
},
},
},
# OAuth configuration.
"GITHUB_LOGIN_CONFIG": {
"type": ["object", "null"],
"description": "Configuration for using GitHub (Enterprise) as an external login provider",
"required": ["CLIENT_ID", "CLIENT_SECRET"],
"x-reference": "https://coreos.com/quay-enterprise/docs/latest/github-auth.html",
"properties": {
"GITHUB_ENDPOINT": {
"type": "string",
"description": "The endpoint of the GitHub (Enterprise) being hit",
"x-example": "https://github.com/",
},
"API_ENDPOINT": {
"type": "string",
"description": "The endpoint of the GitHub (Enterprise) API to use. Must be overridden for github.com",
"x-example": "https://api.github.com/",
},
"CLIENT_ID": {
"type": "string",
"description": "The registered client ID for this Quay instance; cannot be shared with GITHUB_TRIGGER_CONFIG",
"x-example": "0e8dbe15c4c7630b6780",
"x-reference": "https://coreos.com/quay-enterprise/docs/latest/github-app.html",
},
"CLIENT_SECRET": {
"type": "string",
"description": "The registered client secret for this Quay instance",
"x-example": "e4a58ddd3d7408b7aec109e85564a0d153d3e846",
"x-reference": "https://coreos.com/quay-enterprise/docs/latest/github-app.html",
},
"ORG_RESTRICT": {
"type": "boolean",
"description": "If true, only users within the organization whitelist can login using this provider",
"x-example": True,
},
"ALLOWED_ORGANIZATIONS": {
"type": "array",
"description": "The names of the GitHub (Enterprise) organizations whitelisted to work with the ORG_RESTRICT option",
"uniqueItems": True,
"items": {"type": "string"},
},
},
},
"BITBUCKET_TRIGGER_CONFIG": {
"type": ["object", "null"],
"description": "Configuration for using BitBucket for build triggers",
"required": ["CONSUMER_KEY", "CONSUMER_SECRET"],
"x-reference": "https://coreos.com/quay-enterprise/docs/latest/bitbucket-build.html",
"properties": {
"CONSUMER_KEY": {
"type": "string",
"description": "The registered consumer key (client ID) for this Quay instance",
"x-example": "0e8dbe15c4c7630b6780",
},
"CONSUMER_SECRET": {
"type": "string",
"description": "The registered consumer secret (client secret) for this Quay instance",
"x-example": "e4a58ddd3d7408b7aec109e85564a0d153d3e846",
},
},
},
"GITHUB_TRIGGER_CONFIG": {
"type": ["object", "null"],
"description": "Configuration for using GitHub (Enterprise) for build triggers",
"required": ["GITHUB_ENDPOINT", "CLIENT_ID", "CLIENT_SECRET"],
"x-reference": "https://coreos.com/quay-enterprise/docs/latest/github-build.html",
"properties": {
"GITHUB_ENDPOINT": {
"type": "string",
"description": "The endpoint of the GitHub (Enterprise) being hit",
"x-example": "https://github.com/",
},
"API_ENDPOINT": {
"type": "string",
"description": "The endpoint of the GitHub (Enterprise) API to use. Must be overridden for github.com",
"x-example": "https://api.github.com/",
},
"CLIENT_ID": {
"type": "string",
"description": "The registered client ID for this Quay instance; cannot be shared with GITHUB_LOGIN_CONFIG",
"x-example": "0e8dbe15c4c7630b6780",
"x-reference": "https://coreos.com/quay-enterprise/docs/latest/github-app.html",
},
"CLIENT_SECRET": {
"type": "string",
"description": "The registered client secret for this Quay instance",
"x-example": "e4a58ddd3d7408b7aec109e85564a0d153d3e846",
"x-reference": "https://coreos.com/quay-enterprise/docs/latest/github-app.html",
},
},
},
"GOOGLE_LOGIN_CONFIG": {
"type": ["object", "null"],
"description": "Configuration for using Google for external authentication",
"required": ["CLIENT_ID", "CLIENT_SECRET"],
"properties": {
"CLIENT_ID": {
"type": "string",
"description": "The registered client ID for this Quay instance",
"x-example": "0e8dbe15c4c7630b6780",
},
"CLIENT_SECRET": {
"type": "string",
"description": "The registered client secret for this Quay instance",
"x-example": "e4a58ddd3d7408b7aec109e85564a0d153d3e846",
},
},
},
"GITLAB_TRIGGER_CONFIG": {
"type": ["object", "null"],
"description": "Configuration for using Gitlab (Enterprise) for external authentication",
"required": ["GITLAB_ENDPOINT", "CLIENT_ID", "CLIENT_SECRET"],
"properties": {
"GITLAB_ENDPOINT": {
"type": "string",
"description": "The endpoint at which Gitlab(Enterprise) is running",
"x-example": "https://gitlab.com",
},
"CLIENT_ID": {
"type": "string",
"description": "The registered client ID for this Quay instance",
"x-example": "0e8dbe15c4c7630b6780",
},
"CLIENT_SECRET": {
"type": "string",
"description": "The registered client secret for this Quay instance",
"x-example": "e4a58ddd3d7408b7aec109e85564a0d153d3e846",
},
},
},
"BRANDING": {
"type": ["object", "null"],
"description": "Custom branding for logos and URLs in the Quay UI",
"required": ["logo"],
"properties": {
"logo": {
"type": "string",
"description": "Main logo image URL",
"x-example": "/static/img/quay-horizontal-color.svg",
},
"logo_dark": {
"type": "string",
"description": "Dark theme variant of main logo (for dark backgrounds)",
"x-example": "/static/img/quay-horizontal-white.svg",
},
"footer_img": {
"type": "string",
"description": "Logo for UI footer",
"x-example": "/static/img/RedHat.svg",
},
"footer_url": {
"type": "string",
"description": "Link for footer image",
"x-example": "https://redhat.com",
},
},
},
"DOCUMENTATION_ROOT": {
"type": "string",
"description": "Root URL for documentation links",
},
# Health.
"HEALTH_CHECKER": {
"description": "The configured health check.",
"x-example": (
"RDSAwareHealthCheck",
{"access_key": "foo", "secret_key": "bar"},
),
},
# Metrics.
"PROMETHEUS_NAMESPACE": {
"type": "string",
"description": "The prefix applied to all exposed Prometheus metrics. Defaults to `quay`",
"x-example": "myregistry",
},
"TRACKED_NAMESPACES": {
"oneOf": [
{
"type": "array",
"description": "List of namespace names to track in metrics. Each namespace gets its own label.",
"items": {"type": "string"},
"x-example": ["redhat", "internal"],
},
{
"type": "object",
"description": "Mapping of bucket names to namespace lists. Multiple namespaces can share the same bucket label.",
"additionalProperties": {
"oneOf": [
{"type": "array", "items": {"type": "string"}},
{"type": "string"},
]
},
"x-example": {
"critical": ["redhat", "internal"],
"customers": ["customer1", "customer2"],
},
},
],
"description": "Namespaces to track in Prometheus metrics. Supports two formats: list (each namespace gets its own label) or dict (multiple namespaces share a bucket).",
"x-example": ["redhat"],
},
# Misc configuration.
"BLACKLIST_V2_SPEC": {
"type": "string",
"description": "The Docker CLI versions to which Quay will respond that V2 is *unsupported*. Defaults to `<1.6.0`",
"x-reference": "http://pythonhosted.org/semantic_version/reference.html#semantic_version.Spec",
"x-example": "<1.8.0",
},
"USER_RECOVERY_TOKEN_LIFETIME": {
"type": "string",
"description": "The length of time a token for recovering a user accounts is valid. Defaults to 30m.",
"x-example": "10m",
"pattern": "^[0-9]+(w|m|d|h|s)$",
},
"SESSION_COOKIE_SECURE": {
"type": "boolean",
"description": "Whether the `secure` property should be set on session cookies. Defaults to False. Recommended to be True for all installations using SSL.",
"x-example": True,
"x-reference": "https://en.wikipedia.org/wiki/Secure_cookies",
},
"PUBLIC_NAMESPACES": {
"type": "array",
"description": 'If a namespace is defined in the public namespace list, then it will appear on *all* user\'s repository list pages, regardless of whether that user is a member of the namespace. Typically, this is used by an enterprise customer in configuring a set of "well-known" namespaces.',
"uniqueItems": True,
"items": {"type": "string"},
},
"AVATAR_KIND": {
"type": "string",
"description": "The types of avatars to display, either generated inline (local) or Gravatar (gravatar)",
"enum": ["local", "gravatar"],
},
"V2_PAGINATION_SIZE": {
"type": "number",
"description": "The number of results returned per page in V2 registry APIs",
"x-example": 100,
},
"ENABLE_HEALTH_DEBUG_SECRET": {
"type": ["string", "null"],
"description": "If specified, a secret that can be given to health endpoints to see full debug info when not authenticated as a superuser",
"x-example": "somesecrethere",
},
"BROWSER_API_CALLS_XHR_ONLY": {
"type": "boolean",
"description": "If enabled, only API calls marked as being made by an XHR will be allowed from browsers. Defaults to True.",
"x-example": False,
},
# Time machine and tag expiration settings.
"FEATURE_CHANGE_TAG_EXPIRATION": {
"type": "boolean",
"description": "Whether users and organizations are allowed to change the tag expiration for tags in their namespace. Defaults to True.",
"x-example": False,
},
"FEATURE_IMMUTABLE_TAGS": {
"type": "boolean",
"description": "Whether tag immutability enforcement is enabled. When enabled, immutable tags cannot be deleted or overwritten. Defaults to True.",
"x-example": True,
},
"DEFAULT_TAG_EXPIRATION": {
"type": "string",
"description": "The default, configurable tag expiration time for time machine. Defaults to `2w`.",
"pattern": "^[0-9]+(w|m|d|h|s)$",
},
"TAG_EXPIRATION_OPTIONS": {
"type": "array",
"description": "The options that users can select for expiration of tags in their namespace (if enabled)",
"items": {"type": "string", "pattern": "^[0-9]+(w|m|d|h|s)$"},
},
# Team syncing.
"FEATURE_TEAM_SYNCING": {
"type": "boolean",
"description": "Whether to allow for team membership to be synced from a backing group in the authentication engine (LDAP or Keystone)",
"x-example": True,
},
"TEAM_RESYNC_STALE_TIME": {
"type": "string",
"description": "If team syncing is enabled for a team, how often to check its membership and resync if necessary (Default: 30m)",
"x-example": "2h",
"pattern": "^[0-9]+(w|m|d|h|s)$",
},
"FEATURE_NONSUPERUSER_TEAM_SYNCING_SETUP": {
"type": "boolean",
"description": "If enabled, non-superusers can setup syncing on teams to backing LDAP or Keystone. Defaults To False.",
"x-example": True,
},
# Security scanning.
"FEATURE_SECURITY_SCANNER": {
"type": "boolean",
"description": "Whether to turn of/off the security scanner. Defaults to False",
"x-example": False,
"x-reference": "https://coreos.com/quay-enterprise/docs/latest/security-scanning.html",
},
"FEATURE_SECURITY_NOTIFICATIONS": {
"type": "boolean",
"description": "If the security scanner is enabled, whether to turn of/off security notificaitons. Defaults to False",
"x-example": False,
},
"SECURITY_SCANNER_V4_ENDPOINT": {
"type": ["string", "null"],
"pattern": "^http(s)?://(.)+$",
"description": "The endpoint for the V4 security scanner",
"x-example": "http://192.168.99.101:6060",
},
"SECURITY_SCANNER_V4_INDEX_MAX_LAYER_SIZE": {
"type": ["string", "null"],
"description": "Maxmum size for a layer to be indexed",
"x-example": "8G",
},
"SECURITY_SCANNER_V4_MANIFEST_CLEANUP": {
"type": "boolean",
"description": "If the security scanner is enabled, whether or not to remove deleted manifests from the security scanner service. Defaults to False",
"x-example": False,
},
"SECURITY_SCANNER_INDEXING_INTERVAL": {
"type": "number",
"description": "The number of seconds between indexing intervals in the security scanner. Defaults to 30.",
"x-example": 30,
},
"SECURITY_SCANNER_V4_PSK": {
"type": "string",
"description": "A base64 encoded string used to sign JWT(s) on Clair V4 requests. If 'None' jwt signing will not occur.",
"x-example": "PSK",
},
# Repository mirroring
"REPO_MIRROR_INTERVAL": {
"type": "number",
"description": "The number of seconds between checking for repository mirror candidates. Defaults to 30.",
"x-example": 30,
},
# Build
"FEATURE_GITHUB_BUILD": {
"type": "boolean",
"description": "Whether to support GitHub build triggers. Defaults to False",
"x-example": False,
},
"FEATURE_BITBUCKET_BUILD": {
"type": "boolean",
"description": "Whether to support Bitbucket build triggers. Defaults to False",
"x-example": False,
},
"FEATURE_GITLAB_BUILD": {
"type": "boolean",
"description": "Whether to support GitLab build triggers. Defaults to False",
"x-example": False,
},
"FEATURE_BUILD_SUPPORT": {
"type": "boolean",
"description": "Whether to support Dockerfile build. Defaults to True",
"x-example": True,
},
"DEFAULT_NAMESPACE_MAXIMUM_BUILD_COUNT": {
"type": ["number", "null"],
"description": "If not None, the default maximum number of builds that can be queued in a namespace.",
"x-example": 20,
},
"SUCCESSIVE_TRIGGER_INTERNAL_ERROR_DISABLE_THRESHOLD": {
"type": ["number", "null"],
"description": "If not None, the number of successive internal errors that can occur before a build trigger is automatically disabled. Defaults to 5.",
"x-example": 10,
},
"SUCCESSIVE_TRIGGER_FAILURE_DISABLE_THRESHOLD": {
"type": ["number", "null"],
"description": "If not None, the number of successive failures that can occur before a build trigger is automatically disabled. Defaults to 100.",
"x-example": 50,
},
# Nested repository names
"FEATURE_EXTENDED_REPOSITORY_NAMES": {
"type": "boolean",
"description": "Whether repository names can have nested paths (/)",
"x-example": True,
},
# Login
"FEATURE_GITHUB_LOGIN": {
"type": "boolean",
"description": "Whether GitHub login is supported. Defaults to False",
"x-example": False,
},
"FEATURE_GOOGLE_LOGIN": {
"type": "boolean",
"description": "Whether Google login is supported. Defaults to False",
"x-example": False,
},
# Recaptcha
"FEATURE_RECAPTCHA": {
"type": "boolean",
"description": "Whether Recaptcha is necessary for user login and recovery. Defaults to False",
"x-example": False,
"x-reference": "https://www.google.com/recaptcha/intro/",
},
"RECAPTCHA_SITE_KEY": {
"type": ["string", "null"],
"description": "If recaptcha is enabled, the site key for the Recaptcha service",
},
"RECAPTCHA_SECRET_KEY": {
"type": ["string", "null"],
"description": "If recaptcha is enabled, the secret key for the Recaptcha service",
},
# Pass through recaptcha for whitelisted users to support org/user creation via API
"RECAPTCHA_WHITELISTED_USERS": {
"type": "array",
"description": "Quay usernames of those users allowed to create org/user via API bypassing recaptcha security check",
"uniqueItems": True,
"items": {"type": "string"},
},
# External application tokens.
"FEATURE_APP_SPECIFIC_TOKENS": {
"type": "boolean",
"description": "If enabled, users can create tokens for use by the Docker CLI. Defaults to True",
"x-example": False,
},
"APP_SPECIFIC_TOKEN_EXPIRATION": {
"type": ["string", "null"],
"description": "The expiration for external app tokens. Defaults to None.",
"pattern": "^[0-9]+(w|m|d|h|s)$",
},
"EXPIRED_APP_SPECIFIC_TOKEN_GC": {
"type": ["string", "null"],
"description": "Duration of time expired external app tokens will remain before being garbage collected. Defaults to 1d.",
"pattern": "^[0-9]+(w|m|d|h|s)$",
},
# Feature Flag: Garbage collection.
"FEATURE_GARBAGE_COLLECTION": {
"type": "boolean",
"description": "Whether garbage collection of repositories is enabled. Defaults to True",
"x-example": False,
},
# Feature Flag: Rate limits.
"FEATURE_RATE_LIMITS": {
"type": "boolean",
"description": "Whether to enable rate limits on API and registry endpoints. Defaults to False",
"x-example": True,
},
# Feature Flag: Aggregated log retrieval.
"FEATURE_AGGREGATED_LOG_COUNT_RETRIEVAL": {
"type": "boolean",
"description": "Whether to allow retrieval of aggregated log counts. Defaults to True",
"x-example": True,
},
# Feature Flag: Log export.
"FEATURE_LOG_EXPORT": {
"type": "boolean",
"description": "Whether to allow exporting of action logs. Defaults to True",
"x-example": True,
},
# Feature Flag: User last accessed.
"FEATURE_USER_LAST_ACCESSED": {
"type": "boolean",
"description": "Whether to record the last time a user was accessed. Defaults to True",
"x-example": True,
},
# Feature Flag: Permanent Sessions.
"FEATURE_PERMANENT_SESSIONS": {
"type": "boolean",
"description": "Whether sessions are permanent. Defaults to True",
"x-example": True,
},
# Feature Flag: Super User Support.
"FEATURE_SUPER_USERS": {
"type": "boolean",
"description": "Whether super users are supported. Defaults to True",
"x-example": True,
},
# Feature Flag: Use FIPS compliant cryptography.
"FEATURE_FIPS": {
"type": "boolean",
"description": "If set to true, Quay will run using FIPS compliant hash functions. Defaults to False",
"x-example": True,
},
# Feature Flag: Anonymous Users.
"FEATURE_ANONYMOUS_ACCESS": {
"type": "boolean",
"description": " Whether to allow anonymous users to browse and pull public repositories. Defaults to True",
"x-example": True,
},
# Feature Flag: User Creation.
"FEATURE_USER_CREATION": {
"type": "boolean",
"description": "Whether users can be created (by non-super users). Defaults to True",
"x-example": True,
},
# Feature Flag: Invite Only User Creation.
"FEATURE_INVITE_ONLY_USER_CREATION": {
"type": "boolean",
"description": "Whether users being created must be invited by another user. Defaults to False",
"x-example": False,
},
# Feature Flag: Encrypted Basic Auth.
"FEATURE_REQUIRE_ENCRYPTED_BASIC_AUTH": {
"type": "boolean",
"description": "Whether non-encrypted passwords (as opposed to encrypted tokens) can be used for basic auth. Defaults to False",
"x-example": False,
},
# Feature Flag: Direct Login.
"FEATURE_DIRECT_LOGIN": {
"type": "boolean",
"description": "Whether users can directly login to the UI. Defaults to True",
"x-example": True,
},
# Feature Flag: Advertising V2.
"FEATURE_ADVERTISE_V2": {
"type": "boolean",
"description": "Whether the v2/ endpoint is visible. Defaults to True",
"x-example": True,
},
# Feature Flag: Log Rotation.
"FEATURE_ACTION_LOG_ROTATION": {
"type": "boolean",
"description": "Whether or not to rotate old action logs to storage. Defaults to False",
"x-example": False,
},
# Feature Flag: Library Support.
"FEATURE_LIBRARY_SUPPORT": {
"type": "boolean",
"description": 'Whether to allow for "namespace-less" repositories when pulling and pushing from Docker. Defaults to True',
"x-example": True,
},
# Feature Flag: Require Team Invite.
"FEATURE_REQUIRE_TEAM_INVITE": {
"type": "boolean",
"description": "Whether to require invitations when adding a user to a team. Defaults to True",
"x-example": True,
},
# Feature Flag: Collecting and Supporting Metadata.
"FEATURE_USER_METADATA": {
"type": "boolean",
"description": "Whether to collect and support user metadata. Defaults to False",
"x-example": False,
},
# Feature Flag: Public Reposiotires in _catalog Endpoint.
"FEATURE_PUBLIC_CATALOG": {
"type": "boolean",
"description": "If set to true, the _catalog endpoint returns public repositories. Otherwise, only private repositories can be returned. Defaults to False",
"x-example": False,
},
# Feature Flag: Reader Build Logs.
"FEATURE_READER_BUILD_LOGS": {
"type": "boolean",
"description": "If set to true, build logs may be read by those with read access to the repo, rather than only write access or admin access. Defaults to False",
"x-example": False,
},
# Feature Flag: Usernames Autocomplete.
"FEATURE_PARTIAL_USER_AUTOCOMPLETE": {
"type": "boolean",
"description": "If set to true, autocompletion will apply to partial usernames. Defaults to True",
"x-example": True,
},
# Feature Flag: User log access.
"FEATURE_USER_LOG_ACCESS": {
"type": "boolean",
"description": "If set to true, users will have access to audit logs for their namespace. Defaults to False",
"x-example": True,
},
# Feature Flag: User renaming.
"FEATURE_USER_RENAME": {
"type": "boolean",
"description": "If set to true, users can rename their own namespace. Defaults to False",
"x-example": True,
},
# Feature Flag: Username confirmation.
"FEATURE_USERNAME_CONFIRMATION": {
"type": "boolean",
"description": "If set to true, users can confirm their generated usernames. Defaults to True",
"x-example": False,
},
# Feature Flag: V1 push restriction.
"FEATURE_RESTRICTED_V1_PUSH": {
"type": "boolean",
"description": "If set to true, only namespaces listed in V1_PUSH_WHITELIST support V1 push. Defaults to True",
"x-example": False,
},
# Feature Flag: Support Repository Mirroring.
"FEATURE_REPO_MIRROR": {
"type": "boolean",
"description": "Whether to enable support for repository mirroring. Defaults to False",
"x-example": False,
},
# Feature Flag: Support Organization-Level Repository Mirroring.
"FEATURE_ORG_MIRROR": {
"type": "boolean",
"description": "Whether to enable support for organization-level repository mirroring. Defaults to False",
"x-example": False,
},
"REPO_MIRROR_TLS_VERIFY": {
"type": "boolean",
"description": "Require HTTPS and verify certificates of Quay registry during mirror. Defaults to True",
"x-example": True,
},
"REPO_MIRROR_SERVER_HOSTNAME": {
"type": ["string", "null"],
"description": "Replaces the SERVER_HOSTNAME as the destination for mirroring. Defaults to unset",
"x-example": "openshift-quay-service",
},
"REPO_MIRROR_ROLLBACK": {
"type": ["boolean", "null"],
"description": "Enables rolling repository back to previous state in the event the mirror fails. Defaults to false",
"x-example": "true",
},
# Feature Flag: V1 push restriction.
"V1_PUSH_WHITELIST": {
"type": "array",
"description": "The array of namespace names that support V1 push if FEATURE_RESTRICTED_V1_PUSH is set to true.",
"x-example": ["some", "namespaces"],
},
# Logs model
"LOGS_MODEL": {
"type": "string",
"description": "Logs model for action logs",
"enum": [
"database",
"transition_reads_both_writes_es",
"elasticsearch",
"splunk",
],
"x-example": "database",
},
"LOGS_MODEL_CONFIG": {
"type": "object",
"description": "Logs model config for action logs",
"properties": {
"producer": {
"type": "string",
"description": "Logs producer",
"enum": [
"kafka",
"elasticsearch",
"kinesis_stream",
"splunk",
"splunk_hec",
],
"x-example": "kafka",
},
"elasticsearch_config": {
"type": "object",
"description": "Elasticsearch cluster configuration",
"properties": {
"host": {
"type": "string",
"description": "Elasticsearch cluster endpoint",
"x-example": "host.elasticsearch.example",
},
"port": {
"type": "number",
"description": "Elasticsearch cluster endpoint port",
"x-example": 1234,
},
"access_key": {
"type": "string",
"description": "Elasticsearch user (or IAM key for AWS ES)",
"x-example": "some_string",
},
"secret_key": {
"type": "string",
"description": "Elasticsearch password (or IAM secret for AWS ES)",
"x-example": "some_secret_string",
},
"aws_region": {
"type": "string",
"description": "Amazon web service region",
"x-example": "us-east-1",
},
"use_ssl": {
"type": "boolean",
"description": "Use ssl for Elasticsearch. Defaults to True",
"x-example": True,
},
"index_prefix": {
"type": "string",
"description": "Elasticsearch's index prefix",
"x-example": "logentry_",
},
"index_settings": {
"type": "object",
"description": "Elasticsearch's index settings",
},
},
},
"kafka_config": {
"type": "object",
"description": "Kafka cluster configuration",
"properties": {
"bootstrap_servers": {
"type": "array",
"description": "List of Kafka brokers to bootstrap the client from",
"uniqueItems": True,
"items": {"type": "string"},
},
"topic": {
"type": "string",
"description": "Kafka topic to publish log entries to",
"x-example": "logentry",
},
"max_block_seconds": {
"type": "number",
"description": "Max number of seconds to block during a `send()`, either because the buffer is full or metadata unavailable",
"x-example": 10,
},
},
},
"kinesis_stream_config": {
"type": "object",
"description": "AWS Kinesis Stream configuration",
"properties": {
"stream_name": {
"type": "string",
"description": "Kinesis stream to send action logs to",
"x-example": "logentry-kinesis-stream",
},
"aws_region": {
"type": "string",
"description": "AWS region",
"x-example": "us-east-1",
},
"aws_access_key": {
"type": "string",
"description": "AWS access key",
"x-example": "some_access_key",
},
"aws_secret_key": {
"type": "string",
"description": "AWS secret key",
"x-example": "some_secret_key",
},
"connect_timeout": {
"type": "number",
"description": "Number of seconds before timeout when attempting to make a connection",
"x-example": 5,
},
"read_timeout": {
"type": "number",
"description": "Number of seconds before timeout when reading from a connection",
"x-example": 5,
},
"retries": {
"type": "number",
"description": "Max number of attempts made on a single request",
"x-example": 5,
},
"max_pool_connections": {
"type": "number",
"description": "The maximum number of connections to keep in a connection pool",
"x-example": 10,
},
},
},
"splunk_config": {
"type": "object",
"description": "Logs model config for splunk action logs/ splunk cluster configuration",
"x-reference": "https://dev.splunk.com/enterprise/docs/devtools/python/sdk-python/howtousesplunkpython/howtogetdatapython#To-add-data-directly-to-an-index",
"properties": {
"host": {
"type": "string",
"description": "Splunk cluster endpoint",
"x-example": "host.splunk.example",
},
"port": {
"type": "number",
"description": "Splunk management cluster endpoint port",
"x-example": 1234,
},
"bearer_token": {
"type": "string",
"description": "Bearer_Token for splunk.See: https://dev.splunk.com/enterprise/docs/devtools/python/sdk-python/howtousesplunkpython/howtoconnectpython/#Log-in-using-a-bearer-token",
"x-example": "us-east-1",
},
"url_scheme": {
"type": "string",
"description": "The url scheme for accessing the splunk service. If Splunk is behind SSL *at all*, this *must* be `https`",
"enum": ["http", "https"],
"x-example": "https",
},
"verify_ssl": {
"type": "boolean",
"description": "Enable (True) or disable (False) SSL verification for https connections.Defaults to True",
"x-example": True,
},
"index_prefix": {
"type": "string",
"description": "Splunk's index prefix",
"x-example": "splunk_logentry_",
},
"ssl_ca_path": {
"type": "string",
"description": "*Relative container path* to a single .pem file containing a CA certificate for SSL verification",
"x-example": "conf/stack/ssl-ca-cert.pem",
},
},
},
"splunk_hec_config": {
"type": "object",
"description": "Logs model config for splunk HTTP event collector action logs configuration",
"x-reference": "https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/UsetheHTTPEventCollector#More_information_on_HEC_for_developers",
"properties": {
"host": {
"type": "string",
"description": "Splunk cluster endpoint",
"x-example": "host.splunk.example",
},
"port": {
"type": "number",
"description": "Splunk management cluster endpoint port",
"x-example": 8080,
"default": 443,
},
"hec_token": {
"type": "string",
"description": "HEC token for splunk.",
"x-example": "1ad4d7bb-eed9-443a-897d-29e3b27df7a8",
},
"url_scheme": {
"type": "string",
"description": "The url scheme for accessing the splunk service. If Splunk is behind SSL *at all*, this *must* be `https`",
"enum": ["http", "https"],
"x-example": "https",
"default": "https",
},
"verify_ssl": {
"type": "boolean",
"description": "Enable (True) or disable (False) SSL verification for https connections.Defaults to True",
"x-example": True,
"default": True,
},
"ssl_ca_path": {
"type": "string",
"description": "*Relative container path* to a single .pem file containing a CA certificate for SSL verification",
"x-example": "conf/stack/ssl-ca-cert.pem",
},
"index": {
"type": "string",
"description": "The splunk index to use (overrides the token's default index).",
"x-example": "main",
},
"splunk_host": {
"type": "string",
"description": "The host name to log this event with (Defaults to the configured server hostname).",
"x-example": "quay.dev",
"default": "configured server hostname",
},
"splunk_sourcetype": {
"type": "string",
"description": "The name of the Splunk sourcetype to use.",
"x-example": "quay-sourcetype",
"default": "access_combined",
},
"timeout": {
"type": "number",
"description": "Timeout in seconds for HTTP requests to Splunk HEC endpoint. Prevents requests from hanging indefinitely when Splunk is unresponsive.",
"x-example": 10,
"default": 10,
"minimum": 1,
"maximum": 15,
},
},
"required": ["host", "hec_token"],
},
},
},
# Feature Flag: Blacklist Email Domains
"FEATURE_BLACKLISTED_EMAILS": {
"type": "boolean",
"description": "If set to true, no new User accounts may be created if their email domain is blacklisted.",
"x-example": False,
},
# Blacklisted Email Domains
"BLACKLISTED_EMAIL_DOMAINS": {
"type": "array",
"description": "The array of email-address domains that is used if FEATURE_BLACKLISTED_EMAILS is set to true.",
"x-example": ["example.com", "example.org"],
},
"FRESH_LOGIN_TIMEOUT": {
"type": "string",
"description": "The time after which a fresh login requires users to reenter their password",
"x-example": "5m",
},
# Webhook blacklist.
"WEBHOOK_HOSTNAME_BLACKLIST": {
"type": "array",
"description": "The set of hostnames to disallow from webhooks when validating, beyond localhost",
"x-example": ["somexternaldomain.com"],
},
"CREATE_PRIVATE_REPO_ON_PUSH": {
"type": "boolean",
"description": "Whether new repositories created by push are set to private visibility. Defaults to True.",
"x-example": True,
},
"CREATE_NAMESPACE_ON_PUSH": {
"type": "boolean",
"description": "Whether new push to a non-existent organization creates it. Defaults to False.",
"x-example": False,
},
# Allow first user to be initialized via API
"FEATURE_USER_INITIALIZE": {
"type": "boolean",
"description": "If set to true, the first User account may be created via API /api/v1/user/initialize",
"x-example": False,
},
# OCI artifact types
"ALLOWED_OCI_ARTIFACT_TYPES": {
"type": "object",
"description": "The set of allowed OCI artifact mimetypes and the assiciated layer types",
"x-example": {
"application/vnd.cncf.helm.config.v1+json": ["application/tar+gzip"],
"application/vnd.sylabs.sif.config.v1+json": [
"application/vnd.sylabs.sif.layer.v1.sif"
],
},
},
"FEATURE_REFERRERS_API": {
"type": "boolean",
"description": "Enables OCI 1.1's referrers API",
"x-example": False,
},
# Clean partial uploads during S3 multipart upload
"CLEAN_BLOB_UPLOAD_FOLDER": {
"type": "boolean",
"description": "Automatically clean stale blobs leftover in the uploads storage folder from cancelled uploads",
"x-example": False,
},
# Enable Quota Management
"FEATURE_QUOTA_MANAGEMENT": {
"type": "boolean",
"description": "Enables configuration, caching, and validation for quota management feature",
"x-example": False,
},
"FEATURE_QUOTA_SUPPRESS_FAILURES": {
"type": "boolean",
"description": "Catches and suppresses quota failures during image push and garbage collection",
"x-example": False,
},
"DEFAULT_SYSTEM_REJECT_QUOTA_BYTES": {
"type": "int",
"description": "Enables system default quota reject byte allowance for all organizations",
"x-example": False,
},
"QUOTA_TOTAL_DELAY_SECONDS": {
"type": "int",
"description": "The time to delay the Quota backfill operation. Must be set longer than the time required to complete the deployment.",
"x-example": 30,
},
"QUOTA_BACKFILL": {
"type": "boolean",
"description": "Enables the quota backfill worker to calculate the size of pre-existing blobs",
"x-example": True,
},
"QUOTA_BACKFILL_POLL_PERIOD": {
"type": "int",
"description": "The amount of time between runs of the quota backfill worker in seconds",
"x-example": 15,
},
"QUOTA_BACKFILL_BATCH_SIZE": {
"type": "int",
"description": "The amount of namespaces that will be calculated for quota backfill on wakeup of the backfill worker.",
"x-example": 100,
},
"QUOTA_INVALIDATE_TOTALS": {
"type": "boolean",
"description": "Invalidates totals when a write happens to a namespace and repository when FEATURE_QUOTA_MANAGEMENT is not enabled",
"x-example": True,
},
"QUOTA_REGISTRY_SIZE_POLL_PERIOD": {
"type": "int",
"description": "The amount of time between runs of the quota registry size worker in seconds",
"x-example": 30,
},
"FEATURE_EDIT_QUOTA": {
"type": "boolean",
"description": "Allow editing of quota configurations",
"x-example": True,
},
"FEATURE_VERIFY_QUOTA": {
"type": "boolean",
"description": "Allow verification of quota on image push",
"x-example": True,
},
"FEATURE_EXPORT_COMPLIANCE": {
"type": "boolean",
"description": "Use Red Hat Export Compliance Service during Red Hat SSO (only used in Quay.io)",
"x-example": False,
},
"FEATURE_MANIFEST_SUBJECT_BACKFILL": {
"type": "boolean",
"description": "Enable the backfill worker to index existing manifest subjects",
"x-example": True,
},
"UI_V2_FEEDBACK_FORM": {
"type": "string",
"description": "User feedback form for UI-V2",
"x-example": "http://url-for-user-feedback-form.com",
},
"DISABLE_ANGULAR_UI": {
"type": "boolean",
"description": "Disable legacy Angular UI pages and redirects. Defaults to False",
"x-example": False,
},
"FEATURE_UI_V2": {
"type": "boolean",
"description": "Enables user to try the beta UI Environment",
"x-example": False,
},
"FEATURE_UI_MODELCARD": {
"type": "boolean",
"description": "Enables modelcard image tab in UI",
"x-example": False,
},
"UI_MODELCARD_ARTIFACT_TYPE": {
"type": "str",
"description": "Defines the modelcard artifact type",
"x-example": "application/x-mlmodel",
},
"UI_MODELCARD_ANNOTATION": {
"type": "object",
"description": "Defines the layer annotation of the modelcard stored in an OCI image",
"x-example": {},
},
"UI_MODELCARD_LAYER_ANNOTATION": {
"type": "object",
"description": "Defines the layer annotation of the modelcard stored in an OCI image",
"x-example": {"org.opencontainers.image.title": "README.md"},
},
"EXPORT_COMPLIANCE_ENDPOINT": {
"type": "string",
"description": "The Red Hat Export Compliance Service Endpoint (only used in Quay.io)",
"x-example": "export-compliance.com",
},
"CORS_ORIGIN": {
"type": "array",
"description": "Cross-Origin domain to allow requests from",
"x-example": ["localhost:9000", "localhost:8080"],
},
"FEATURE_LISTEN_IP_VERSION": {
"type": "string",
"description": "Enables IPv4, IPv6 or dual-stack networking. Defaults to `IPv4`.",
"x-example": "IPv4",
},
"GLOBAL_READONLY_SUPER_USERS": {
"type": "array",
"description": "Quay usernames of those super users to be granted global readonly privileges",
"uniqueItems": True,
"items": {"type": "string"},
},
"FEATURE_SUPERUSERS_FULL_ACCESS": {
"type": "boolean",
"description": "Grant superusers full access to repositories, registry-wide",
"x-example": False,
},
"FEATURE_SUPERUSERS_ORG_CREATION_ONLY": {
"type": "boolean",
"description": "Whether to only allow superusers to create organizations",
"x-example": False,
},
"FEATURE_RESTRICTED_USERS": {
"type": "boolean",
"description": "Grant non-whitelisted users restricted permissions",
"x-example": False,
},
"RESTRICTED_USERS_WHITELIST": {
"type": "array",
"description": "Whitelisted users to exclude when FEATURE_RESTRICTED_USERS is enabled",
"x-example": ["devtable"],
},
"FEATURE_SECURITY_SCANNER_NOTIFY_ON_NEW_INDEX": {
"type": "boolean",
"description": "Whether to allow sending notifications about vulnerabilities for new pushes",
"x-example": True,
},
"RESET_CHILD_MANIFEST_EXPIRATION": {
"type": "boolean",
"description": "When a manifest list is pushed, reset the expiry of the child manifest tags to become immediately eligible for GC on parent tag deletion",
"x-example": True,
},
"PERMANENTLY_DELETE_TAGS": {
"type": "boolean",
"description": "Enables functionality related to the removal of tags from the time machine window",
"x-example": True,
},
"FEATURE_ENTITLEMENT_RECONCILIATION": {
"type": "boolean",
"description": "Enable reconciler for internal RH marketplace",
"x-example": False,
},
"ENTITLEMENT_RECONCILIATION_USER_ENDPOINT": {
"type": "string",
"description": "Endpoint for internal RH users API",
"x-example": "https://internal-rh-user-endpoint",
},
"ENTITLEMENT_RECONCILIATION_MARKETPLACE_ENDPOINT": {
"type": "string",
"description": "Endpoint for internal RH marketplace API",
"x-example": "https://internal-rh-marketplace-endpoint",
},
# Custom footer links
"FOOTER_LINKS": {
"type": "object",
"description": "Enable customization of footer links in Quay's UI for on-prem installations",
"properties": {
"TERMS_OF_SERVICE_URL": {
"type": "string",
"description": "Custom terms of service for on-prem installations",
"x-example": "https://www.openshift.com/legal/terms",
},
"PRIVACY_POLICY_URL": {
"type": "string",
"description": "Custom privacy policy for on-prem installations",
"x-example": "https://www.redhat.com/en/about/privacy-policy",
},
"SECURITY_URL": {
"type": "string",
"description": "Custom security page for on-prem installations",
"x-example": "https://quay.io/security/",
},
"ABOUT_URL": {
"type": "string",
"description": "Custom about page for on-prem installations",
"x-example": "https://quay.io/about/",
},
},
},
"ROBOTS_DISALLOW": {
"type": "boolean",
"description": "If robot accounts are prevented from any interaction as well as from being created. Defaults to False",
},
"ROBOTS_WHITELIST": {
"type": "array",
"description": "List of robot accounts allowed for example, mirroring. Defaults to empty",
},
"FEATURE_AUTO_PRUNE": {
"type": "boolean",
"description": "Enable functionality related to the auto-pruning of tags",
"x-example": False,
},
"FEATURE_UI_DELAY_AFTER_WRITE": {
"type": "boolean",
"description": "Adds a delay in the UI after each create operation. Useful if quay is reading from a different DB and there is replication delay between the write and read DBs. Defaults to False",
"x-example": False,
},
"UI_DELAY_AFTER_WRITE_SECONDS": {
"type": "int",
"description": "Number of seconds to wait after a write operation in the UI",
"x-example": 3,
},
"NOTIFICATION_MIN_SEVERITY_ON_NEW_INDEX": {
"type": "string",
"description": "Set minimal security level for new notifications on detected vulnerabilities. Avoids creation of large number of notifications after first index.",
"x-example": "High",
},
"FEATURE_ASSIGN_OAUTH_TOKEN": {
"type": "boolean",
"description": "Allows organization administrators to assign OAuth tokens to other users",
"x-example": False,
},
"DEFAULT_NAMESPACE_AUTOPRUNE_POLICY": {
"type": "object",
"description": "Default auto-prune policy applied to all organizations and repositories",
"properties": {
"method": {
"type": "string",
"description": "The method to prune tags by",
"enum": ["number_of_tags", "creation_date"],
"x-example": "number_of_tags",
},
"value": {
"type": ["string", "number"],
"description": "The value for the configured method. For number_of_tags it is a number denoting the number of tags to keep, for creation_date it is a string with the duration to keep tags for",
"x-example": "2d",
},
},
},
"FEATURE_IMAGE_EXPIRY_TRIGGER": {
"type": "boolean",
"description": "Allows users to set up notifications on image expiry",
"x-example": False,
},
"NOTIFICATION_TASK_RUN_MINIMUM_INTERVAL_MINUTES": {
"type": "number",
"description": "Interval in minutes that defines frequency to re-run notifications",
"x-example": 5000,
},
"DISABLE_PUSHES": {
"type": "boolean",
"description": "Only disables pushes of new content to the registry, while retaining all other functionality. Differs from read only mode because database is not set as read-only.",
"x-example": False,
},
"MANIFESTS_ENDPOINT_READ_TIMEOUT": {
"type": "string",
"description": "Nginx read timeout for manifests endpoints used by pulls and pushes",
"x-example": "5m",
},
"FEATURE_SUPERUSER_CONFIGDUMP": {
"type": "boolean",
"description": "Enables a full config dump of the running Framework, environment and schema for validation",
"x-example": False,
},
"FEATURE_OTEL_TRACING": {
"type": "boolean",
"description": "Whether to enable open telemetry tracing on quay",
"x-example": False,
},
"FEATURE_SPARSE_INDEX": {
"type": "boolean",
"description": "Whether to allow sparse manifest indexes where not all architectures are required to be present. When enabled, manifests for architectures not in SPARSE_INDEX_REQUIRED_ARCHS will be skipped if they cannot be loaded. Defaults to False",
"x-example": False,
},
"SPARSE_INDEX_REQUIRED_ARCHS": {
"type": "array",
"description": "List of architectures that are required to be present in manifest indexes when FEATURE_SPARSE_INDEX is enabled. Manifests for architectures not in this list will be skipped if they cannot be loaded.",
"uniqueItems": True,
"items": {"type": "string"},
"x-example": ["amd64", "arm64"],
},
"OTEL_CONFIG": {
"type": "object",
"description": "open telemetry config options",
"properties": {
"service_name": {
"type": "string",
"description": "name of service in otel spans",
"x-example": "quay",
},
"dt_api_url": {
"type": "string",
"description": "url for dynatrace api",
"x-example": "https://dynatrace-api.example",
},
"dt_api_token": {
"type": "string",
"description": "token for dynatrace api",
"x-example": "sometoken",
},
},
},
"OTEL_TRACING_EXCLUDED_URLS": {
"type": "string",
"description": "Comma separated list of urls to exclude from tracing",
"x-example": "api/v1/.*,v2/([^/]+(/[^/]+)+)/(tags|blobs),v2/_catalog,v2/auth",
},
},
"DEBUG": {
"type": "boolean",
"description": "Debug setting for engineering. Defaults to False.",
"x-example": False,
"x-reference": None,
},
"TESTING": {
"type": "boolean",
"description": "Test setting for engineering. Defaults to False.",
"x-example": False,
"x-reference": None,
},
"PROPAGATE_EXCEPTIONS": {
"type": "boolean",
"description": "Unittest Exception handling. Defaults to True",
"x-example": True,
"x-reference": None,
},
"SECRET_KEY": {
"type": "string",
"description": "Key used to encrypt the session cookie and the CSRF token needed for correct interpretation of the user session.",
"x-example": "",
"x-reference": "https://uuidgen.org/v/4",
},
"USE_X_SENDFILE": {
"type": "boolean",
"description": "When serving files, set the X-Sendfile header instead of serving the data with Flask. Defaults to False",
"x-example": False,
"x-reference": "https://flask.palletsprojects.com/en/2.3.x/config/",
},
"APPLICATION_ROOT": {
"type": "string",
"description": "Inform the application what path it is mounted under by the application / web server.",
"x-example": "/",
"x-reference": "https://flask.palletsprojects.com/en/2.3.x/config/",
},
"SESSION_COOKIE_NAME": {
"type": "string",
"description": "The name of the session cookie. Defaults to _csrf_token",
"x-example": "_csrf_token",
"x-reference": "https://flask.palletsprojects.com/en/2.3.x/config/",
},
"SESSION_COOKIE_HTTPONLY": {
"type": "boolean",
"description": "Browsers will not allow JavaScript access to cookies marked as 'HTTP only' for security. Defaults to True",
"x-example": True,
"x-reference": "https://flask.palletsprojects.com/en/2.3.x/config/",
},
"SESSION_COOKIE_SAMESITE": {
"type": "string",
"description": "Restrict how cookies are sent with requests from external sites.",
"x-example": "Lax",
"x-reference": "https://flask.palletsprojects.com/en/2.3.x/config/",
},
"SESSION_REFRESH_EACH_REQUEST": {
"type": "boolean",
"description": "Control whether the cookie is sent with every response when session.permanent is true. Defaults to True",
"x-example": True,
"x-reference": "https://flask.palletsprojects.com/en/2.3.x/config/",
},
"SEND_FILE_MAX_AGE_DEFAULT": {
"type": "number",
"description": "When serving files, set the cache control max age to this number of seconds. Defaults to 0",
"x-example": 0,
"x-reference": "https://flask.palletsprojects.com/en/2.3.x/config/",
},
"TRAP_HTTP_EXCEPTIONS": {
"type": "boolean",
"description": "If there is no handler for an HTTPException-type exception, re-raise it to be handled by the interactive debugger instead of returning it as a simple error response. Defaults to False",
"x-example": False,
"x-reference": "https://flask.palletsprojects.com/en/2.3.x/config/",
},
"EXPLAIN_TEMPLATE_LOADING": {
"type": "boolean",
"description": "Log debugging information tracing how a template file was loaded. Defaults to False",
"x-example": False,
"x-reference": "https://flask.palletsprojects.com/en/2.3.x/config/",
},
"MAX_COOKIE_SIZE": {
"type": "number",
"description": "Warn if cookie headers are larger than this many bytes. Defaults to 4093",
"x-example": 4093,
"x-reference": "https://flask.palletsprojects.com/en/2.3.x/config/",
},
"ACCOUNT_RECOVERY_MODE": {
"type": "boolean",
"description": "Put Quay into Account recovery mode. Defaults to False",
"x-example": False,
"x-reference": None,
},
"ANALYTICS_TYPE": {
"type": "string",
"description": "[QUAY.IO] ANALYTICS_TYPE.",
"x-example": "FakeAnalytics",
"x-reference": None,
},
"AVATAR_COLORS": {
"type": "array",
"description": "Avatar colors.",
"x-example": [
"#969696",
"#aec7e8",
"#ff7f0e",
"#ffbb78",
"#2ca02c",
"#98df8a",
"#d62728",
"#ff9896",
"#9467bd",
"#c5b0d5",
"#8c564b",
"#c49c94",
"#e377c2",
"#f7b6d2",
"#7f7f7f",
"#c7c7c7",
"#bcbd22",
"#1f77b4",
"#17becf",
"#9edae5",
"#393b79",
"#5254a3",
"#6b6ecf",
"#9c9ede",
"#9ecae1",
"#31a354",
"#b5cf6b",
"#a1d99b",
"#8c6d31",
"#ad494a",
"#e7ba52",
"#a55194",
],
"x-reference": None,
},
"BILLING_TYPE": {
"type": "string",
"description": "[QUAY.IO] BILLING_TYPE.",
"x-example": "FakeStripe",
"x-reference": None,
},
"BUILDLOGS_OPTIONS": {
"type": "array",
"description": "[QUAY.IO] BUILDLOGS_OPTIONS.",
"x-example": [],
"x-reference": None,
},
"CHANNEL_COLORS": {
"type": "array",
"description": "Channel colors.",
"x-example": [
"#969696",
"#aec7e8",
"#ff7f0e",
"#ffbb78",
"#2ca02c",
"#98df8a",
"#d62728",
"#ff9896",
"#9467bd",
"#c5b0d5",
"#8c564b",
"#c49c94",
"#e377c2",
"#f7b6d2",
"#7f7f7f",
"#c7c7c7",
"#bcbd22",
"#1f77b4",
"#17becf",
"#9edae5",
"#393b79",
"#5254a3",
"#6b6ecf",
"#9c9ede",
"#9ecae1",
"#31a354",
"#b5cf6b",
"#a1d99b",
"#8c6d31",
"#ad494a",
"#e7ba52",
"#a55194",
],
"x-reference": None,
},
"CHUNK_CLEANUP_QUEUE_NAME": {
"type": "string",
"description": "[QUAY.IO] CHUNK_CLEANUP_QUEUE_NAME.",
"x-example": "chunk_cleanup",
"x-reference": None,
},
"DATA_MODEL_CACHE_CONFIG": {
"type": "object",
"description": "Configure Data model cache.",
"properties": {
"engine": {
"type": "string",
"description": "Cache engine redis/memcache.",
"x-example": "redis",
"x-reference": None,
},
"redis_config": {
"type": "object",
"description": "Redis primary/replica configuration settings.",
"properties": [
{
"primary": {
"type": "object",
"description": "Primary redis configuration",
"properties": [
{
"host": "string",
"description": "hostname or ip address",
"pattern": "RFC822",
},
{
"port": "number",
"description": "port number between 1024 and 65535, defaults to 6379.",
},
{"password": "string", "description": "redis password to connect"},
{
"ssl": "boolean",
"description": "utilize TLS based communication with Redis",
},
],
}
},
{
"replica": {
"type": "object",
"description": "Replica redis configuration",
"properties": [
{
"host": "string",
"description": "hostname or ip address",
"pattern": "RFC822",
},
{
"port": "number",
"description": "port number between 1024 and 65535, defaults to 6379.",
},
{"password": "string", "description": "redis password to connect"},
{
"ssl": "boolean",
"description": "utilize TLS based communication with Redis",
},
],
}
},
],
},
},
"required": ["engine", "redis_config"],
"x-reference": "https://docs.redhat.com/en/documentation/red_hat_quay/3.12/html/configure_red_hat_quay/config-fields-intro#config-fields-modelcache-single-redis",
},
"DEFAULT_LABEL_KEY_RESERVED_PREFIXES": {
"type": "array",
"description": "[QUAY.IO] DEFAULT_LABEL_KEY_RESERVED_PREFIXES.",
"x-example": [
"com.docker.",
"io.docker.",
"org.dockerproject.",
"org.opencontainers.",
"io.cncf.",
"io.kubernetes.",
"io.k8s.",
"io.quay",
"com.coreos",
"com.tectonic",
"internal",
"quay",
],
"x-reference": None,
},
"DISABLED_FOR_AUDIT_LOGS": {
"type": "array",
"description": "Namespace based disabling of audit logs.",
"x-example": [],
"x-reference": None,
},
"DISABLED_FOR_PULL_LOGS": {
"type": "array",
"description": "Namespace based disabling of pull logs.",
"x-example": [],
"x-reference": None,
},
"DOCKERFILE_BUILD_QUEUE_NAME": {
"type": "string",
"description": "[QUAY.IO] DOCKERFILE_BUILD_QUEUE_NAME.",
"x-example": "dockerfilebuild",
"x-reference": None,
},
"EXCEPTION_LOG_TYPE": {
"type": "string",
"description": "[QUAY.IO] EXCEPTION_LOG_TYPE.",
"x-example": "FakeSentry",
"x-reference": None,
},
"EXPIRED_SERVICE_KEY_TTL_SEC": {
"type": "number",
"description": "Time to expire service keys. Defaults to 604800",
"x-example": 604800,
"x-reference": None,
},
"EXPORT_ACTION_LOGS_QUEUE_NAME": {
"type": "string",
"description": "[QUAY.IO] EXPORT_ACTION_LOGS_QUEUE_NAME.",
"x-example": "exportactionlogs",
"x-reference": None,
},
"FEATURE_BILLING": {
"type": "boolean",
"description": "[QUAY.IO] FEATURE_BILLING. Defaults to False",
"x-example": False,
"x-reference": None,
},
"FEATURE_CLEAR_EXPIRED_RAC_ENTRIES": {
"type": "boolean",
"description": "[QUAY.IO] FEATURE_CLEAR_EXPIRED_RAC_ENTRIES. Defaults to False",
"x-example": False,
"x-reference": None,
},
"FEATURE_DISABLE_PULL_LOGS_FOR_FREE_NAMESPACES": {
"type": "boolean",
"description": "Namespace based disabling of pull logs. Defaults to False",
"x-example": False,
"x-reference": None,
},
"FEATURE_GENERAL_OCI_SUPPORT": {
"type": "boolean",
"description": "Enable support for OCI artifacts.. Defaults to True",
"x-example": True,
"x-reference": "https://docs.redhat.com/en/documentation/red_hat_quay/3.12/html/configure_red_hat_quay/config-fields-intro#config-fields-helm-oci",
},
"FEATURE_HELM_OCI_SUPPORT": {
"type": "boolean",
"description": "Enable support for Helm artifacts. Defaults to True",
"x-example": True,
"x-reference": "https://docs.redhat.com/en/documentation/red_hat_quay/3.12/html/configure_red_hat_quay/config-fields-intro#config-fields-legacy",
},
"FEATURE_MANIFEST_SIZE_BACKFILL": {
"type": "boolean",
"description": "[QUAY.IO] FEATURE_MANIFEST_SIZE_BACKFILL. Defaults to True",
"x-example": True,
"x-reference": None,
},
"FEATURE_NAMESPACE_GARBAGE_COLLECTION": {
"type": "boolean",
"description": "[QUAY.IO] FEATURE_NAMESPACE_GARBAGE_COLLECTION. Defaults to True",
"x-example": True,
"x-reference": None,
},
"FEATURE_REPOSITORY_ACTION_COUNTER": {
"type": "boolean",
"description": "[QUAY.IO] FEATURE_REPOSITORY_ACTION_COUNTER. Defaults to True",
"x-example": True,
"x-reference": None,
},
"FEATURE_REPOSITORY_GARBAGE_COLLECTION": {
"type": "boolean",
"description": "[QUAY.IO] FEATURE_REPOSITORY_GARBAGE_COLLECTION. Defaults to True",
"x-example": True,
"x-reference": None,
},
"FEATURE_RH_MARKETPLACE": {
"type": "boolean",
"description": "[QUAY.IO] FEATURE_RH_MARKETPLACE. Defaults to False",
"x-example": False,
"x-reference": None,
},
"FEATURE_SIGNING": {
"type": "boolean",
"description": "Trusted Platform signing. Defaults to False",
"x-example": False,
"x-reference": None,
},
"GARBAGE_COLLECTION_FREQUENCY": {
"type": "number",
"description": "[QUAY.IO] GARBAGE_COLLECTION_FREQUENCY. Defaults to 30",
"x-example": 30,
"x-reference": None,
},
"GREENLET_TRACING": {
"type": "boolean",
"description": "[QUAY.IO] GREENLET_TRACING. Defaults to True",
"x-example": True,
"x-reference": None,
},
"INSTANCE_SERVICE_KEY_EXPIRATION": {
"type": "number",
"description": "Defineexpiration for instance service keys, in minutes. Defaults to 120",
"x-example": 120,
"x-reference": None,
},
"INSTANCE_SERVICE_KEY_KID_LOCATION": {
"type": "string",
"description": "ID of the local instance service key.",
"x-example": "/quay-registry/conf/quay.kid",
"x-reference": None,
},
"INSTANCE_SERVICE_KEY_LOCATION": {
"type": "string",
"description": "The private key of the local instance service key.",
"x-example": "/quay-registry/conf/quay.pem",
"x-reference": None,
},
"INSTANCE_SERVICE_KEY_REFRESH": {
"type": "number",
"description": "Refreshes the instance's active service key in minutes. Defaults to 55",
"x-example": 55,
"x-reference": None,
},
"INSTANCE_SERVICE_KEY_SERVICE": {
"type": "string",
"description": "The name of the instance key's service.",
"x-example": "quay",
"x-reference": None,
},
"JSONIFY_PRETTYPRINT_REGULAR": {
"type": "boolean",
"description": "[OBSOLETE] The default app.json provider has equivalent attributes instead. Defaults to False",
"x-example": False,
"x-reference": "https://flask.palletsprojects.com/en/2.3.x/config/",
},
"LABEL_KEY_RESERVED_PREFIXES": {
"type": "array",
"description": "Reserved Label prefixes, must end in a dot.",
"x-example": [],
"x-reference": None,
},
"LAST_ACCESSED_UPDATE_THRESHOLD_S": {
"type": "number",
"description": "Update the LAST_ACCESSED database column. Defaults to 60 in seconds",
"x-example": 60,
"x-reference": None,
},
"LIBRARY_NAMESPACE": {
"type": "string",
"description": "[QUAY.IO] LIBRARY_NAMESPACE.",
"x-example": "library",
"x-reference": None,
},
"LOCAL_OAUTH_HANDLER": {
"type": "string",
"description": "[QUAY.IO] Endpoint for local OAUTH handling.",
"x-example": "/oauth/localapp",
"x-reference": None,
},
"LOGGING_LEVEL": {
"type": "string",
"description": "Application wide Log level setting.",
"x-example": "DEBUG",
"x-reference": None,
},
"MAIL_FAIL_SILENTLY": {
"type": "boolean",
"description": "[QUAY.IO] MAIL_FAIL_SILENTLY. Defaults to False",
"x-example": False,
"x-reference": None,
},
"NAMESPACE_GC_QUEUE_NAME": {
"type": "string",
"description": "[QUAY.IO] NAMESPACE_GC_QUEUE_NAME.",
"x-example": "namespacegc",
"x-reference": None,
},
"NOTIFICATION_QUEUE_NAME": {
"type": "string",
"description": "[QUAY.IO] NOTIFICATION_QUEUE_NAME.",
"x-example": "notification",
"x-reference": None,
},
"NOTIFICATION_SEND_TIMEOUT": {
"type": "number",
"description": "Notifications timeout independent of the method configured. Defaults to 10",
"x-example": 10,
"x-reference": None,
},
"PAGE_TOKEN_KEY": {
"type": "string",
"description": "PAGE_TOKEN_KEY. Defaults to <Random>",
"x-example": "",
"x-reference": None,
},
"PROMETHEUS_PUSHGATEWAY_URL": {
"type": "string",
"description": "Prometheus PushGateway URL. Defaults to http://localhost:9091",
"x-example": "http://localhost:9091",
"x-reference": None,
},
"PUSH_TEMP_TAG_EXPIRATION_SEC": {
"type": "number",
"description": "Temporary Tag expiration time in seconds. Defaults to 3600",
"x-example": 3600,
"x-reference": None,
},
"QUEUE_METRICS_TYPE": {
"type": "string",
"description": "[QUAY.IO] QUEUE_METRICS_TYPE.",
"x-example": "Null",
"x-reference": None,
},
"QUEUE_WORKER_METRICS_REFRESH_SECONDS": {
"type": "number",
"description": "Watchdog refresh time in seconds for Queue workers . Defaults to 30",
"x-example": 30,
"x-reference": None,
},
"REGISTRY_JWT_AUTH_MAX_FRESH_S": {
"type": "number",
"description": "JWT Authentication fresh time in seconds. Defaults to 3660",
"x-example": 3660,
"x-reference": None,
},
"REPLICATION_QUEUE_NAME": {
"type": "string",
"description": "[QUAY.IO] REPLICATION_QUEUE_NAME.",
"x-example": "imagestoragereplication",
"x-reference": None,
},
"REPOSITORY_GC_QUEUE_NAME": {
"type": "string",
"description": "[QUAY.IO] REPOSITORY_GC_QUEUE_NAME.",
"x-example": "repositorygc",
"x-reference": None,
},
"SECSCAN_V4_NOTIFICATION_QUEUE_NAME": {
"type": "string",
"description": "[QUAY.IO] SECSCAN_V4_NOTIFICATION_QUEUE_NAME.",
"x-example": "secscanv4",
"x-reference": None,
},
"SECURITY_SCANNER_V4_REINDEX_THRESHOLD": {
"type": "number",
"description": "Security Scanner reindexing threshold. Defaults to 86400 seconds",
"x-example": 86400,
"x-reference": None,
},
"SIGNED_GRANT_EXPIRATION_SEC": {
"type": "number",
"description": "Authentication header signatureexpiraton. Defaults to 86400 seconds",
"x-example": 86400,
"x-reference": None,
},
"STAGGER_WORKERS": {
"type": "boolean",
"description": "Stagger workers. Defaults to True",
"x-example": True,
"x-reference": None,
},
"STATUS_TAGS": {
"type": "object",
"description": "[QUAY.IO] STATUS_TAGS.",
"properties": {},
"required": [],
"x-reference": None,
},
"TEAM_SYNC_WORKER_FREQUENCY": {
"type": "number",
"description": "Team syncing worker frequency. Defaults to 60 seconds",
"x-example": 60,
"x-reference": None,
},
"UNAPPROVED_SERVICE_KEY_TTL_SEC": {
"type": "number",
"description": "Time to expire unapproved service keys in seconds. Defaults to 86400",
"x-example": 86400,
"x-reference": None,
},
"USE_CDN": {
"type": "boolean",
"description": "[QUAY.IO] USE_CDN. Defaults to False",
"x-example": False,
"x-reference": None,
},
"DATABASE_SECRET_KEY": {
"type": "string",
"description": "Key used to encrypt sensitive fields within the database.",
"x-example": "",
"x-reference": "https://docs.redhat.com/en/documentation/red_hat_quay/3.12/html/configure_red_hat_quay/config-fields-intro#config-fields-required-general",
},
"DB_CONNECTION_POOLING": {
"type": "boolean",
"description": "Use connection pooling for Database access. Defaults to False",
"x-example": False,
"x-reference": None,
},
"FEATURE_ACI_CONVERSION": {
"type": "boolean",
"description": "Whether to enable conversion to ACIs. Defaults to False",
"x-example": False,
"x-reference": "https://docs.redhat.com/en/documentation/red_hat_quay/3.12/html/configure_red_hat_quay/config-fields-intro#config-fields-aci",
},
"FEATURE_APP_REGISTRY": {
"type": "boolean",
"description": "[QUAY.IO] FEATURE_APP_REGISTRY. Defaults to False",
"x-example": False,
"x-reference": None,
},
"GITLAB_TRIGGER_KIND": {
"type": "object",
"description": "[QUAY.IO] GITLAB_TRIGGER_KIND.",
"properties": {},
"required": [],
"x-reference": None,
},
"MAIL_USE_AUTH": {
"type": "boolean",
"description": "[QUAY.IO] MAIL_USE_AUTH. Defaults to False",
"x-example": False,
"x-reference": None,
},
"SETUP_COMPLETE": {
"type": "boolean",
"description": "[QUAY.IO] SETUP_COMPLETE. Defaults to True",
"x-example": True,
"x-reference": None,
},
"LDAP_ADMIN_DN": {
"type": "string",
"description": "LDAP_ADMIN_DN.",
"x-example": "cn=quay,ou=people,dc=example,dc=com",
"x-reference": None,
},
"LDAP_ADMIN_PASSWD": {
"type": "string",
"description": "LDAP_ADMIN_PASSWD.",
"x-example": "",
"x-reference": None,
},
"LDAP_ALLOW_INSECURE_FALLBACK": {
"type": "boolean",
"description": "LDAP_ALLOW_INSECURE_FALLBACK. Defaults to False",
"x-example": False,
"x-reference": None,
},
"LDAP_BASE_DN": {
"type": "array",
"description": "LDAP_BASE_DN.",
"x-example": ["dc=example", "dc=com"],
"x-reference": None,
},
"LDAP_EMAIL_ATTR": {
"type": "string",
"description": "LDAP_EMAIL_ATTR.",
"x-example": "mail",
"x-reference": None,
},
"LDAP_SECONDARY_USER_RDNS": {
"type": "array",
"description": "LDAP_SECONDARY_USER_RDNS.",
"x-example": ["ou=People,ou=Sales", "ou=People,ou=Engineering"],
"x-reference": None,
},
"LDAP_UID_ATTR": {
"type": "string",
"description": "LDAP_UID_ATTR.",
"x-example": "uid",
"x-reference": None,
},
"LDAP_URI": {
"type": "string",
"description": "LDAP_URI.",
"x-example": "ldaps://ldap.example.com:636",
"x-reference": None,
},
"LDAP_USER_RDN": {
"type": "array",
"description": "LDAP_USER_RDN.",
"x-example": ["ou=team", "ou=people"],
"x-reference": None,
},
"LDAP_SUPERUSER_FILTER": {
"type": "string",
"description": "LDAP_SUPERUSER_FILTER.",
"x-example": "(|(memberOf=cn=quay-superusers,ou=Groups,dc=example,dc=com)(memberOf=cn=quay-readonly-superuser,ou=Groups,dc=example,dc=com))",
"x-reference": None,
},
"LDAP_RESTRICTED_USER_FILTER": {
"type": "string",
"description": "LDAP_RESTRICTED_USER_FILTER.",
"x-example": "(&(memberOf=cn=allusers,ou=Groups,dc=example,dc=com)(!(memberOf=cn=quay-superusers,ou=Groups,dc=example,dc=com)))",
"x-reference": None,
},
"LDAP_FOLLOW_REFERRALS": {
"type": "number",
"description": "LDAP_FOLLOW_REFERRALS. Defaults to 0",
"x-example": 1,
"x-reference": None,
},
"GLOBAL_PROMETHEUS_STATS_FREQUENCY": {
"type": "number",
"description": "Frequency to report metrics to Push gateway. Defaults to 3600 seconds",
"x-example": 3600,
"x-reference": None,
},
}
View Git Blame Copy Permalink