Ensure that container-push repo endpoint is read-only
It is possible to create and delete push repositories using API. It doesn't make sense, it doesn't benefit users in any way, it only potentially creates problems and adds complexity to the code and future RBAC.
Push repositories are automatically created during docker/podman push as a part of distribution creation. Push repositories are automatically removed when their distributions are removed.
#3 Updated by email@example.com about 2 months ago
- Status changed from CLOSED - NOTABUG to NEW
I am re-opening this bug. Users not should be able to create push repos via api. A distribution should be created instead and if needed assign needed permissions ahead of push operation. Push-repo will be created only during 'podman push' operation or alongside with the distribution creation.
Please register to edit this issue