mirror of
https://github.com/quay/quay.git
synced 2026-01-27 18:42:52 +03:00
f2c4375f65
introduces a check of the OrganizationMemberPermission for pulls against a proxy org. if the proxy cache feature is disabled, or the org is not a proxy org the check is not performed and Quay will behave normally. this check does not mean pulls will work transparently though - non-admin users need to be added to a team in the proxy org with the member role, and default read and write permissions need to be given to that team so that non-admin users can pull and update the cache for images they do not own (the user who first pulls an image ends up owning the repository since that is when the repo gets created).
72 lines
2.0 KiB
Python
72 lines
2.0 KiB
Python
from data.database import ProxyCacheConfig, User, DEFAULT_PROXY_CACHE_EXPIRATION
|
|
from data.model import InvalidProxyCacheConfigException
|
|
from data.model.organization import get_organization
|
|
|
|
|
|
def has_proxy_cache_config(org_name):
|
|
try:
|
|
get_proxy_cache_config_for_org(org_name)
|
|
except InvalidProxyCacheConfigException:
|
|
return False
|
|
return True
|
|
|
|
|
|
def create_proxy_cache_config(
|
|
org_name,
|
|
upstream_registry,
|
|
upstream_registry_username=None,
|
|
upstream_registry_password=None,
|
|
expiration_s=DEFAULT_PROXY_CACHE_EXPIRATION,
|
|
insecure=False,
|
|
):
|
|
"""
|
|
Creates proxy cache configuration for the given organization name
|
|
"""
|
|
org = get_organization(org_name)
|
|
|
|
new_entry = ProxyCacheConfig.create(
|
|
organization=org,
|
|
upstream_registry=upstream_registry,
|
|
upstream_registry_username=upstream_registry_username,
|
|
upstream_registry_password=upstream_registry_password,
|
|
expiration_s=expiration_s,
|
|
insecure=insecure,
|
|
)
|
|
|
|
return new_entry
|
|
|
|
|
|
def get_proxy_cache_config_for_org(org_name):
|
|
"""
|
|
Return the Proxy-Cache-Config associated with the given organization name.
|
|
Raises InvalidProxyCacheConfigException if org_name belongs to a user, or
|
|
if org_name has no associated config.
|
|
"""
|
|
try:
|
|
return (
|
|
ProxyCacheConfig.select()
|
|
.join(User)
|
|
.where((User.username == org_name) & (User.organization == True))
|
|
.get()
|
|
)
|
|
except ProxyCacheConfig.DoesNotExist as e:
|
|
raise InvalidProxyCacheConfigException(str(e))
|
|
|
|
|
|
def delete_proxy_cache_config(org_name):
|
|
"""
|
|
Delete proxy cache configuration for the given organization name
|
|
"""
|
|
org = get_organization(org_name)
|
|
|
|
try:
|
|
config = (ProxyCacheConfig.select().where(ProxyCacheConfig.organization == org.id)).get()
|
|
except ProxyCacheConfig.DoesNotExist:
|
|
return False
|
|
|
|
if config is not None:
|
|
ProxyCacheConfig.delete().where(ProxyCacheConfig.organization == org.id).execute()
|
|
return True
|
|
|
|
return False
|