Closed gldraphael closed 8 months ago
/cc @johnsonshi
Yes indeed. The built in scope map only assigns content_read
and not metadata_read
, which means they can pull but not list.
Creating a custom scope map that has both content_read
and metadata_read
is limited by the fact that you need to list every repo.
I hear you and see the validity of option A as without it, there's no way to have a scope map that encompasses all repos, and allows pulls and listing. Let me do some further investigation. Thanks
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.
This issue was closed because it has been stalled for 30 days with no activity.
What is the problem you're trying to solve Make it easy for
fluxcd
to be able to pull any image/chart from an ACR.The problem right now:
_repositories_pull
only allows pull operations.fluxcd
like tools require you to also be able to read tags which needsmetadata/read
in addition tocontent/read
.Describe the solution you'd like
Option A: Add a new built-in scope-map
repositories_pull_read
or something similar, that can pull and read any repository. Option B: Add support for a*
wildcard for user-defined respository scope-maps so that users can create a scope-map with any permission combination as they'd like.