ACL Design Doc (WIP)
shane_canon edited this page Feb 11, 2016 · 2 revisions
Currently Shifter has stubs for ACLs, but they are not implemented. This document attempts to capture the requirements and the initial implementation.
- Users should be able to have private images and control, by user or group, who has access to them.
- Dockerhub images that require authentication should remain protected after being pulled down by Shifter.
- Public Dockerhub images should not be markable as private (e.g. user canon shouldn't be able to make ubuntu:latest private).
- The user can specify the ACLs as part of the pull request.
- (Unknown) What level of ACLs are needed (read, write, admin)?
- The ACLs will be stored in the mongo store by the imagegw.
- (Option) The imagegw will write out the ACLs in the meta file.
- udiRoot will contact the imagegw for the ACLs, or could read them from the meta file.
- udiRoot will be responsible for enforcing the ACLs, since only it has access to the images.
TODO