Re: [atomic-devel] full api access from one tool to atomic registry

[Aaron Weitekamp <aweiteka redhat com>]

On Fri, May 13, 2016 at 5:34 PM, Tom McKay <thomasmckay redhat com> wrote:

I would like to allow katello[1] full API access to atomic registry. I don't want to turn off authentication for regular registry users, I just need to allow another tool full "admin" access.

​The full API documentation is here[1]. I recently added some practical usage​ docs using service account tokens. See [2][3].

​[1] http://docs.projectatomic.io/registry/latest/rest_api/openshift_v1.html
[2] https://github.com/openshift/openshift-docs/pull/2014
[3] https://github.com/openshift/openshift-docs/pull/1926
​

 

The other tool, in this case, is pulp. It does not have the ability to specify token/user/pass when it pulls from docker. Katello, which uses pulp as a service, has its own robust access control that its users would need to navigate to get content once it is in pulp.

​If you cannot use docker login authentication watch this pending work.[4]

[4] https://trello.com/c/Ev8y3pC4/651-5-support-unauthenticated-docker-pull
​

 

Remembering that I am _very_ new to atomic registry (ie. tell me exactly what to do to which files how), any suggestions?

Many thanks!


--

@thomasmckay