mirror of
https://github.com/quay/quay.git
synced 2026-01-26 06:21:37 +03:00
d83e2c8647
Implements global read-only superuser permissions for v1 endpoints, adjusts superuser write checks, and updates app token listing and detail endpoints; includes comprehensive tests. --------- Co-authored-by: Claude <noreply@anthropic.com>
123 lines
3.5 KiB
Python
123 lines
3.5 KiB
Python
"""
|
|
Manage repository access tokens (DEPRECATED).
|
|
"""
|
|
|
|
import logging
|
|
|
|
from endpoints.api import (
|
|
RepositoryParamResource,
|
|
nickname,
|
|
path_param,
|
|
require_repo_admin,
|
|
resource,
|
|
validate_json_request,
|
|
)
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
@resource("/v1/repository/<apirepopath:repository>/tokens/")
|
|
@path_param("repository", "The full path of the repository. e.g. namespace/name")
|
|
class RepositoryTokenList(RepositoryParamResource):
|
|
"""
|
|
Resource for creating and listing repository tokens.
|
|
"""
|
|
|
|
schemas = {
|
|
"NewToken": {
|
|
"type": "object",
|
|
"description": "Description of a new token.",
|
|
"required": [
|
|
"friendlyName",
|
|
],
|
|
"properties": {
|
|
"friendlyName": {
|
|
"type": "string",
|
|
"description": "Friendly name to help identify the token",
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
@require_repo_admin(allow_for_superuser=True, allow_for_global_readonly_superuser=True)
|
|
@nickname("listRepoTokens")
|
|
def get(self, namespace_name, repo_name):
|
|
"""
|
|
List the tokens for the specified repository.
|
|
"""
|
|
return {
|
|
"message": "Handling of access tokens is no longer supported",
|
|
}, 410
|
|
|
|
@require_repo_admin(allow_for_superuser=True)
|
|
@nickname("createToken")
|
|
@validate_json_request("NewToken")
|
|
def post(self, namespace_name, repo_name):
|
|
"""
|
|
Create a new repository token.
|
|
"""
|
|
return {
|
|
"message": "Creation of access tokens is no longer supported",
|
|
}, 410
|
|
|
|
|
|
@resource("/v1/repository/<apirepopath:repository>/tokens/<code>")
|
|
@path_param("repository", "The full path of the repository. e.g. namespace/name")
|
|
@path_param("code", "The token code")
|
|
class RepositoryToken(RepositoryParamResource):
|
|
"""
|
|
Resource for managing individual tokens.
|
|
"""
|
|
|
|
schemas = {
|
|
"TokenPermission": {
|
|
"type": "object",
|
|
"description": "Description of a token permission",
|
|
"required": [
|
|
"role",
|
|
],
|
|
"properties": {
|
|
"role": {
|
|
"type": "string",
|
|
"description": "Role to use for the token",
|
|
"enum": [
|
|
"read",
|
|
"write",
|
|
"admin",
|
|
],
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
@require_repo_admin(allow_for_superuser=True, allow_for_global_readonly_superuser=True)
|
|
@nickname("getTokens")
|
|
def get(self, namespace_name, repo_name, code):
|
|
"""
|
|
Fetch the specified repository token information.
|
|
"""
|
|
return {
|
|
"message": "Handling of access tokens is no longer supported",
|
|
}, 410
|
|
|
|
@require_repo_admin(allow_for_superuser=True)
|
|
@nickname("changeToken")
|
|
@validate_json_request("TokenPermission")
|
|
def put(self, namespace_name, repo_name, code):
|
|
"""
|
|
Update the permissions for the specified repository token.
|
|
"""
|
|
return {
|
|
"message": "Handling of access tokens is no longer supported",
|
|
}, 410
|
|
|
|
@require_repo_admin(allow_for_superuser=True)
|
|
@nickname("deleteToken")
|
|
def delete(self, namespace_name, repo_name, code):
|
|
"""
|
|
Delete the repository token.
|
|
"""
|
|
return {
|
|
"message": "Handling of access tokens is no longer supported",
|
|
}, 410
|