Skip to content
This repository has been archived by the owner on Apr 17, 2023. It is now read-only.

Unable to delete repository & tags #2335

Open
miraclecoco opened this issue Jan 29, 2021 · 2 comments
Open

Unable to delete repository & tags #2335

miraclecoco opened this issue Jan 29, 2021 · 2 comments
Labels
stale

Comments

@miraclecoco
Copy link

miraclecoco commented Jan 29, 2021
edited
Loading

I was properly installed Portus and Registry. But I can't delete the pushed repository and one of its tags, after that, I was accessing the registry logs, it reports an error insufficient scope. I have audited the Portus source code, but I can't figure out what the problem caused.

Here's my compose file

image

It works properly

image

Response from https://registry.docker.local:5002/v2/token?account=portus&scope=repository%3Amariadb%3Aall&service=registry.docker.local%3A5000

image
image

Response from https://registry.docker.local:5002/v2/token?account=portus&scope=repository%3Amariadb%3Adelete&service=registry.docker.local%3A5000

image
image

Here's HTTP handler shown in app/controllers/api/v2/tokens_controller.rb

image

and related policy shown in app/policies/namespace_policy.rb

image

The key to the problem is policy delete? is an alias to all? and It will work properly when I request all action. But, when I request delete action, It responded I an empty access list. I think some magic procedure performed here, but I can't find it.
@miraclecoco
Copy link
Author

miraclecoco commented Jan 29, 2021
edited
Loading

I've tried to test all permissions that info 'NamespacePolicy' with request https://registry.docker.local:5002/v2/token?account=portus&scope=repository%3Amariadb%3Aowner,show,push,pull,index,create,destroy,update,all,change_visibility,change_team,owner,contributor,viewer,member&service=registry.docker.local%3A5000

It responded

{"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IkhBU1c6UFBHVDpGT0FCOkQyT0U6RzRGQzpJVk9FOkpBVkw6SzZZSTpXQU01Ok1VSFI6SzJBWTpTQzI3In0.eyJpc3MiOiJyZWdpc3RyeS5kb2NrZXIubG9jYWwiLCJzdWIiOiJwb3J0dXMiLCJhdWQiOiJyZWdpc3RyeS5kb2NrZXIubG9jYWw6NTAwMCIsImlhdCI6MTYxMTkyMzMzMywibmJmIjoxNjExOTIzMzI4LCJleHAiOjE2MTE5MjM2MzMsImp0aSI6IngyWlllSE5NeXlxZldDdThzaWRicGpTQ0Z0bUhEQVd4eVQxOWZoRXl5TiIsImFjY2VzcyI6W3sidHlwZSI6InJlcG9zaXRvcnkiLCJuYW1lIjoibWFyaWFkYiIsImFjdGlvbnMiOlsic2hvdyIsInB1c2giLCJwdWxsIiwiaW5kZXgiLCJjcmVhdGUiLCJ1cGRhdGUiLCJhbGwiLCJjaGFuZ2VfdmlzaWJpbGl0eSIsImNoYW5nZV90ZWFtIl19XX0.uciId9AKi9bPWlKyHYMLIaa6-g0hgpWhf9IGnHPsSGkDeZZ_Wz-d50UeerXEi7_To9168ToG_xQpFgmjmUiLZhXt6Fz1eNZqCcgiYIgEhBBzxEbkOJBvh0B8OmC-ossCxKgQ-Ob0akBsEeUL96mZ-NEI9EAlzF9UjQpoDC7MZ6KeJrlyq7bPlT2oa_yyg2gV-knnUiBUdoLBMPOAksd3oo22Oub9HOU2CYudNBfH5j6JNwMl_VbBBJB4ZhG_J_0o9HQ9chNZzdOPQL_VptFyBN7-3EuXZtgBHt18-zvFkwLlLsXozEBxNbT9e5OOcQB7dt2jcpYz7n1zLFWNnKU7jA","expires_in":300,"issued_at":"2021-01-29T12:28:53+00:00"}

and the payload decoded from Jwt token

{
  "iss": "registry.docker.local",
  "sub": "portus",
  "aud": "registry.docker.local:5000",
  "iat": 1611923333,
  "nbf": 1611923328,
  "exp": 1611923633,
  "jti": "x2ZYeHNMyyqfWCu8sidbpjSCFtmHDAWxyT19fhEyyN",
  "access": [
    {
      "type": "repository",
      "name": "mariadb",
      "actions": [
        "show",
        "push",
        "pull",
        "index",
        "create",
        "update",
        "all",
        "change_visibility",
        "change_team"
      ]
    }
  ]
}

but delete did not appear in the access list.

@stale
Copy link

stale bot commented Jan 9, 2022

Thanks for all your contributions!
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

@stale stale bot added the stale label Jan 9, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@miraclecoco