Merge pull request #797 from docker/dtr-2.6-updates

Add a Repository Info page
Justin I. Nevill 2018-10-26 14:10:57 -04:00 committed by GitHub
commit 67097185f9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 135 additions and 99 deletions


@ -2392,6 +2392,8 @@ manuals:
section:
- path: /ee/dtr/user/manage-images/
title: Create a repository
- path: /ee/dtr/user/review-repository-info/
title: Review repository info
- path: /ee/dtr/user/manage-images/pull-and-push-images/
title: Pull and push images
- path: /ee/dtr/user/manage-images/delete-images/
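Review bot: The new entry `/ee/dtr/user/review-repository-info/` disagrees with how the rest of this commit links to the page. The "Create a repository" page links to it as a sibling file (`review-repository-info.md`), and the new page links to `pull-and-push-images.md` as its own sibling, which both place it under `/ee/dtr/user/manage-images/`. Either the TOC path or those relative links is wrong; please confirm the rendered URL and make the three references agree.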
@ -2425,7 +2427,7 @@ manuals:
- sectiontitle: Manage repository events
section:
- title: Audit repository events
path: /ee/dtr/user/manage-repository-events/
path: /ee/dtr/user/audit-repository-events/
- title: Auto-delete repository events
path: /ee/dtr/admin/configure/auto-delete-repo-events/
- path: /ee/dtr/user/create-and-manage-webhooks/
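Review bot: The path change for "Audit repository events" drops `/ee/dtr/user/manage-repository-events/` from the navigation, and nothing visible in this commit keeps the old URL working. Existing bookmarks and inbound links to the audit documentation will break unless the new page declares a redirect from the old path, so please add one to the front matter of the new page.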

Binary file not shown. Size: 28 KiB

Binary file not shown. Size: 95 KiB


@ -57,4 +57,4 @@ name of our repository will be `dtr-example.com/test-user-1/wordpress`.
## Where to go next
- [Pull and push images](pull-and-push-images.md)
- [Review repository info](review-repository-info.md)


@ -1,34 +1,48 @@
---
title: Prevent tags from being overwritten
description: Learn how to make your tags immutable and don't allow users to
overwrite a tag if it already exists
description: Learn how to make your tags immutable and prevent users from
overwriting a tag if it already exists
keywords: registry, immutable
---
{% assign domain="dtr.example.org" %}
{% assign domain="dtr-example.com" %}
{% assign org="library" %}
{% assign repo="wordpress" %}
{% assign tag="latest" %}
By default, users with access to push to a repository, can push the same tag
multiple times to the same repository.
As an example, a user pushes an image to `{{ org }}/{{ repo }}:{{ tag }}`, and later another
user can push the image with exactly the same name but different functionality.
This might make it difficult to trace back the image to the build that generated
By default, users with [read and write access](../../admin/manage-users/permission-levels/) to a repository can push the same tag
multiple times to that repository. For example, when ***user A*** pushes an image to `{{ org }}/{{ repo }}:{{ tag }}`, there is no preventing ***user B***
from pushing an image with the same name but a completely different functionality. This can make it difficult to trace the image back to the build that generated
it.
To prevent this from happening, you can configure a repository to be immutable.
Once you push a tag, DTR won't allow anyone else to push another tag with the same
name.
To prevent tags from being overwritten, you can configure a repository to be immutable.
Once configured, DTR will not allow anyone else to push another image tag with the same name.
## Make tags immutable
To make tags immutable, in the **DTR web UI**, navigate to the
**repository settings** page, and change **Immutability** to **On**.
You can enable tag immutability on a repository when you create it, or at any time after.
![](../../images/immutable-repo-1.png){: .with-border}
### New Repository
From now on, users will get an error message when trying to push a tag
If you're not already logged in, navigate to `https://<dtr-url>`and log in with your UCP credentials. To make tags immutable on a new repository, do the following:
1. Follow the steps in [Create a repository](../manage-images/).
2. Click **Show advanced settings**, and turn on **Immutability**. Note that tag limits are enabled when immutability is enabled for a repository.
### Existing Repository
1. Select **Repositories** on the left navigation pane, and then click on the name of the repository that you want to view. Note that you will have to click on the repository name following the `/` after the specific namespace for your repository.
![](../../images/immutable-repo-0.png){: .img-fluid .with-border}
2. Select the **Settings** tab, and turn on **Immutability**.
![](../../images/immutable-repo-2.png){: .with-border}
From now on, you will get an error message when trying to push a tag
that already exists:
```bash
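Review bot: The rewritten intro still says DTR "will not allow anyone else to push another image tag with the same name", which reads as if the original pusher may overwrite the tag, while the closing sentence now says "you will get an error message". If immutability blocks every pusher, say "will not allow anyone to push" so readers do not assume an exemption. Smaller points in the same hunk: "Note that tag limits are enabled when immutability is enabled" does not say what a tag limit is or how it interacts with immutability, so link or explain it; `https://<dtr-url>`and is missing a space after the closing backtick; and the Existing Repository steps omit the log-in lead-in that New Repository has.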
@ -38,4 +52,4 @@ unknown: tag={{ tag }} cannot be overwritten because {{ domain }}/{{ org }}/{{ r
## Where to go next
- [Sign images](sign-images/index.md)
- [Sign images](sign-images/index.md)


@ -0,0 +1,36 @@
---
title: Review Repository Info
description: View your repository permissions.
keywords: dtr, repository, permissions
---
> BETA DISCLAIMER
>
> This is beta content. It is not yet complete and should be considered a work in progress. This content is subject to change without notice.
The **Repository Info** tab includes the following details:
* README (which you can [edit if you have admin rights to the repository](../../admin/manage-users/permission-levels/#team-permission-levels))
* Docker Pull Command
* Your repository permissions
To learn more about pulling images, see [Pull and Push Images](pull-and-push-images.md). To review your repository permissions, do the following:
1. Navigate to `https://<dtr-url>`and log in with your UCP credentials.
2. Select **Repositories** on the left navigation pane, and then click on the name of the repository that you want to view. Note that you will have to click on the repository name following the `/` after the specific namespace for your repository.
![](../../images/tag-pruning-0.png){: .img-fluid .with-border}
3. You should see the **Info** tab by default. Notice **Your Permission** under **Docker Pull Command**.
4. Hover over the question mark next to [your permission level](../../admin/manage-users/permission-levels/) to view the list of repository events you have access to.
![](../../images/manage-repo-events-2.png){: .img-fluid .with-border}
> Limitations
>
> Your permissions list may include repository events that are not displayed in the **Activity** tab. It is also not an exhaustive list of event types displayed on your activity stream. To learn more about repository events, see [Audit Repository Events](../manage-repository-events/audit-repository-events).
## Where to go next
- [Pull and push images](pull-and-push-images.md)
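Review bot: The link in the Limitations note, `../manage-repository-events/audit-repository-events`, does not match the TOC entry this commit adds for that page (`/ee/dtr/user/audit-repository-events/`), so it will likely 404; point it at the same path as the TOC. Step 4 also promises "the list of repository events you have access to" while the note directly below says the list is not exhaustive and may include events not shown in **Activity**; for a page people will use to check their access, word step 4 as a summary and send readers to the Event Permissions table for the authoritative mapping. `https://<dtr-url>`and in step 1 needs a space after the backtick.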


@ -1,81 +0,0 @@
---
title: Manage Repository Events
description: View a list of image events happening within a repository.
keywords: registry, events, log, activity stream
---
> BETA DISCLAIMER
>
> This is beta content. It is not yet complete and should be considered a work in progress. This content is subject to change without notice.
## Overview
Starting in DTR 2.6, each repository page includes an **Activity** tab which displays a sortable and paginated list of the most recent events within the repository. This offers better visibility along with the ability to audit events. Event types listed will vary according to your [repository permission level](../admin/manage-users/permission-levels/). Additionally, DTR admins can [enable auto-deletion of repository events](../admin/configure/auto-delete-repo-events/) as part of maintenance and cleanup.
In the following section, we will show you how to:
* Review actions or events that you have access to
* View the list of events in a repository, including event types associated with your permission level
## Review Repository Permissions
To review the type of events you have access to, do the following:
1. Navigate to `https://<dtr-url>`and log in with your UCP credentials.
2. Select **Repositories** on the left navigation pane, and then click on the name of the repository that you want to view. Note that you will have to click on the repository name following the `/` after the specific namespace for your repository.
![](../images/tag-pruning-0.png){: .img-fluid .with-border}
3. You should see the **Info** tab by default. Notice **Your Permission** under **Docker Pull Command**.
4. Hover over the question mark next to [your permission level](../admin/manage-users/permission-levels/) to view the list of repository events you have access to.
![](../images/manage-repo-events-2.png){: .img-fluid .with-border}
> KNOWN LIMITATIONS
>
> Your repository permissions list may include events that are not displayed in the **Activity** tab. It is also not an exhaustive list of event types on your activity stream.
## View List of Events
As of DTR 2.3, admins were able to view a list of DTR events [using the API](https://docs.docker.com/datacenter/dtr/2.3/reference/api/#!/events/GetEvents). DTR 2.6 improves on that feature by showing a permission-based events list for each repository page on the user interface. To view the list of events within a repository, select the **Activity** tab. You should see a paginated list of the latest events based on your repository permission level. By default, **Activity** shows the latest `10` events and excludes pull events, which are only visible to repository and DTR admins.
* If you're a repository or a DTR admin, uncheck "Exclude pull" to view pull events. This should give you a better understanding of who is consuming your images.
* To update your event view, select a different time filter from the drop-down list.
![](../images/manage-repo-events-0.png){: .img-fluid .with-border}
### Activity Stream
The following table breaks down the data included in an event and uses the highlighted "Create Promotion Policy" event as an example.
| Event Detail | Description | Example |
|:----------------|:-------------------------------------------------|:--------|
| Label | Friendly name of the event. | `Create Promotion Policy`
| Repository | This will always be the repository in review following the `<user-or-org>/<repository_name>` convention outlined in [Create a Repository](../user/manage-images/#create-a-repository). | `test-org/test-repo-1` |
| Tag | Tag affected by the event, when applicable. | `test-org/test-repo-1:latest` where `latest` is the affected tag|
| SHA | The [digest value](/registry/spec/api/#content-digests) for `CREATE` operations such as creating a new image tag or a promotion policy. | `sha256:bbf09ba3` |
| Type | Event type. Possible values are: `CREATE`, `GET`, `UPDATE`, `DELETE`, `SEND`, `FAIL` and `SCAN` | `CREATE` |
| Initiated by | The actor responsible for the event. For user-initiated events, this will reflect the user ID and link to that user's profile. For image events triggered by a policy &ndash; pruning, pull / push mirroring, or promotion &ndash; this will reflect the relevant policy ID except for manual promotions where it reflects `PROMOTION MANUAL_P`, and link to the relevant policy page. Other event actors may not include a link. | `PROMOTION CA5E7822` |
| Date and Time | When the event happened in your configured time zone. | `9/13/2018 9:59 PM` |
### Event Audits
Given the level of detail on each event, it should be easy for DTR and security admins to determine what events have taken place inside of DTR. For example, when an image which shouldnt have been deleted ends up getting deleted, the security admin can determine when and who initiated the deletion.
### Event Permissions
For more details on different permission levels within DTR, see [Authentication and authorization in DTR](../admin/manage-users/) to understand the minimum level required to view the different repository events.
| Repository Event | Description | Minimum Permission Level |
|:----------------|:---------------------------------------------------| :----------------|
| Push | Refers to "Create Manifest" and "Update Tag" events. Learn more about [pushing images](../user/manage-images/pull-and-push-images/#push-the-image). | Authenticated Users |
| Scan | Requires [security scanning to be set up](../admin/configure/set-up-vulnerability-scans/) by a DTR admin. Once enabled, this will display as a `SCAN` event type. | Authenticated Users |
| Promotion | Refers to a "Create Promotion Policy" event which links to the **Promotions** tab of the repository where you can edit the existing promotions. See [Promotion Policies](../user/promotion-policies/) for different ways to promote an image. | Repository Admin |
| Delete | Refers to "Delete Tag" events. Learn more about [deleting images](../user/manage-images/pull-and-push-images/#delete-images). | Authenticated Users |
| Pull | Refers to "Get Tag" events. Learn more about [pulling images](../user/manage-images/pull-and-push-images/#pull-the-image). | Repository Admin |
| Mirror |Refers to "Pull mirroring" and "Push mirroring" events. See [Mirror images to another registry](../user/promotion-policies/#mirror-images-to-another-registry) and [Mirror images from another registry](../user/promotion-policies/#mirror-images-from-another-registry) for more details. | Repository Admin |
| Create repo | Refers to "Create Repository" events. See [Create a repository](../user/manage-images/) for more details. | Authenticated Users |
## Where to go next
- [Enable auto-deletion of repository events](../admin/configure/auto-delete-repo-events.md)


@ -0,0 +1,65 @@
---
title: Audit Repository Events
description: View and audit your repository events.
keywords: dtr, events, log, activity stream
---
> BETA DISCLAIMER
>
> This is beta content. It is not yet complete and should be considered a work in progress. This content is subject to change without notice.
## Overview
Starting in DTR 2.6, each repository page includes an **Activity** tab which displays a sortable and paginated list of the most recent events within the repository. This offers better visibility along with the ability to audit events. Event types listed will vary according to your [repository permission level](../../admin/manage-users/permission-levels/). Additionally, DTR admins can [enable auto-deletion of repository events](../../admin/configure/auto-delete-repo-events/) as part of maintenance and cleanup.
In the following section, we will show you how to view and audit the list of events in a repository. We will also cover the event types associated with your permission level.
## View List of Events
As of DTR 2.3, admins were able to view a list of DTR events [using the API](../../../../datacenter/dtr/2.3/reference/api/#!/events/GetEvents). DTR 2.6 enhances that feature by showing a permission-based events list for each repository page on the web interface. To view the list of events within a repository, do the following:
1. Navigate to `https://<dtr-url>`and log in with your UCP credentials.
2. Select **Repositories** on the left navigation pane, and then click on the name of the repository that you want to view. Note that you will have to click on the repository name following the `/` after the specific namespace for your repository.
3. Select the **Activity** tab. You should see a paginated list of the latest events based on your repository permission level. By default, **Activity** shows the latest `10` events and excludes pull events, which are only visible to repository and DTR admins.
* If you're a repository or a DTR admin, uncheck "Exclude pull" to view pull events. This should give you a better understanding of who is consuming your images.
* To update your event view, select a different time filter from the drop-down list.
![](../../images/manage-repo-events-0.png){: .img-fluid .with-border}
### Activity Stream
The following table breaks down the data included in an event and uses the highlighted "Create Promotion Policy" event as an example.
| Event Detail | Description | Example |
|:----------------|:-------------------------------------------------|:--------|
| Label | Friendly name of the event. | `Create Promotion Policy`
| Repository | This will always be the repository in review following the `<user-or-org>/<repository_name>` convention outlined in [Create a Repository](../manage-images/#create-a-repository). | `test-org/test-repo-1` |
| Tag | Tag affected by the event, when applicable. | `test-org/test-repo-1:latest` where `latest` is the affected tag|
| SHA | The [digest value](../../../../registry/spec/api/#content-digests) for `CREATE` operations such as creating a new image tag or a promotion policy. | `sha256:bbf09ba3` |
| Type | Event type. Possible values are: `CREATE`, `GET`, `UPDATE`, `DELETE`, `SEND`, `FAIL` and `SCAN` | `CREATE` |
| Initiated by | The actor responsible for the event. For user-initiated events, this will reflect the user ID and link to that user's profile. For image events triggered by a policy &ndash; pruning, pull / push mirroring, or promotion &ndash; this will reflect the relevant policy ID except for manual promotions where it reflects `PROMOTION MANUAL_P`, and link to the relevant policy page. Other event actors may not include a link. | `PROMOTION CA5E7822` |
| Date and Time | When the event happened in your configured time zone. | `9/13/2018 9:59 PM` |
### Event Audits
Given the level of detail on each event, it should be easy for DTR and security admins to determine what events have taken place inside of DTR. For example, when an image which shouldnt have been deleted ends up getting deleted, the security admin can determine when and who initiated the deletion.
### Event Permissions
For more details on different permission levels within DTR, see [Authentication and authorization in DTR](../../admin/manage-users/) to understand the minimum level required to view the different repository events.
| Repository Event | Description | Minimum Permission Level |
|:----------------|:---------------------------------------------------| :----------------|
| Push | Refers to "Create Manifest" and "Update Tag" events. Learn more about [pushing images](../manage-images/pull-and-push-images/#push-the-image). | Authenticated Users |
| Scan | Requires [security scanning to be set up](../../admin/configure/set-up-vulnerability-scans/) by a DTR admin. Once enabled, this will display as a `SCAN` event type. | Authenticated Users |
| Promotion | Refers to a "Create Promotion Policy" event which links to the **Promotions** tab of the repository where you can edit the existing promotions. See [Promotion Policies](../promotion-policies/) for different ways to promote an image. | Repository Admin |
| Delete | Refers to "Delete Tag" events. Learn more about [deleting images](../manage-images/delete-images). | Authenticated Users |
| Pull | Refers to "Get Tag" events. Learn more about [pulling images](../manage-images/pull-and-push-images/#pull-an-image). | Repository Admin |
| Mirror |Refers to "Pull mirroring" and "Push mirroring" events. See [Mirror images to another registry](../promotion-policies/#mirror-images-to-another-registry) and [Mirror images from another registry](../promotion-policies/#mirror-images-from-another-registry) for more details. | Repository Admin |
| Create repo | Refers to "Create Repository" events. See [Create a repository](../manage-images/) for more details. | Authenticated Users |
## Where to go next
- [Enable auto-deletion of repository events](../../admin/configure/auto-delete-repo-events.md)
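Review bot: The Event Audits paragraph says a security admin "can determine when and who initiated the deletion", but the Overview of the same page says DTR admins can enable auto-deletion of repository events. Please state in Event Audits that this only holds for events that have not been auto-deleted, and link the auto-deletion page from there so readers size retention before relying on the Activity tab for investigations. Formatting issues carried over from the deleted page: the `Label` row of the Activity Stream table is missing its closing `|`, "shouldnt" needs an apostrophe, and `https://<dtr-url>`and in step 1 needs a space. The API link was also changed from an absolute URL to `../../../../datacenter/dtr/2.3/reference/api/...`, which depends on the page's depth; verify that it resolves from the final location.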