docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'repo-events-log-682' of github.com:docker/docs-private into repo-events-log-682

This commit is contained in:
Maria Bermudez 2018-09-21 17:02:38 -07:00
parent 8c81515aa9 543d660704
commit fd9d5bc7eb
3 changed files with 30 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ee/dtr/admin/configure/auto-delete-repo-events.md
View File

@ -31,7 +31,7 @@ DTR allows you to set your deletion triggers based on the following optional eve
| Name | Description | Example |
|:----------------|:---------------------------------------------------| :----------------|
| Age | Lets you remove events older than your specified number of hours, days, weeks or months| `2 months` |
| Max number of events | Lets you specify the maximum number of events allowed in the repositories. | Component name starts with `b` |
| Max number of events | Lets you specify the maximum number of events allowed in the repositories. | `6000` |
If you specify both, events in your repositories will be removed during garbage collection if either condition is met. You should see a "settings saved successfully" confirmation right away.

18
ee/dtr/admin/manage-users/permission-levels.md
View File

@ -7,15 +7,15 @@ keywords: registry, security, permissions
Docker Trusted Registry allows you to define fine-grain permissions over image
repositories.
## Administrator users
## Administrators
Users are shared across UCP and DTR. When you create a new user in Docker
Universal Control Plane, that user becomes available in DTR and vice versa.
When you create an administrator user in DTR, the user has permissions to:
When you create a trusted admin in DTR, the admin has permissions to manage:
* Manage users across UCP and DTR,
* Manage DTR repositories and settings,
* Manage UCP resources and settings.
* Users across UCP and DTR
* DTR repositories and settings
* UCP resources and settings
## Team permission levels
@ -41,10 +41,10 @@ have the highest permission level defined by those teams.
Here's an overview of the permission levels available in DTR:
* Anonymous users: Can search and pull public repositories.
* Users: Can search and pull public repos, and create and manage their own repositories.
* Team member: Everything a user can do, plus the permissions granted by the teams the user is member of.
* Organization owner: Can manage repositories and teams for the organization.
* Anonymous or unauthenticated Users: Can search and pull public repositories.
* Authenticated Users: Can search and pull public repos, and create and manage their own repositories.
* Team Member: Everything a user can do, plus the permissions granted by the team the user is a member of.
* Organization Owner: Can manage repositories and teams for the organization.
* Admin: Can manage anything across UCP and DTR.
## Where to go next

39
ee/dtr/user/manage-repository-events.md
View File

@ -10,19 +10,25 @@ keywords: registry, events, log, activity stream
## Overview
Actions are events which happen to a particular image within a particular repository. To provide better visibility into these events, DTR 2.6 now includes an **Activity** tab on each repository displaying a sortable paginated list of the most recent events. Event types listed will vary according to your [repository permission level](../admin/manage-users/permission-levels/). Additionally, DTR administrators can [enable auto-deletion of repository events](../admin/configure/auto-delete-repo-events/) as part of maintenance and cleanup.
Starting in DTR 2.6, each repository page includes an **Activity** tab which displays a sortable and paginated list of the most recent events within the repository. This offers better visibility along with the ability to audit events. Event types listed will vary according to your [repository permission level](../admin/manage-users/permission-levels/). Additionally, DTR admins can [enable auto-deletion of repository events](../admin/configure/auto-delete-repo-events/) as part of maintenance and cleanup.
In the following section, we will show you how to:
* Review actions or events that you have access to
* View the list of events in a repository, including <a href="#event-types">event types</a> associated with your permission level
* View the list of events in a repository, including event types associated with your permission level
## Review Repository Permissions
To review the type of events you have access to, do the following:
1. Navigate to the **Info** tab.
2. Notice **Your Permission** under **Docker Pull Command**.
3. Hover over the question mark next to [your permission level](../admin/manage-users/permission-levels/) to view the list of repository events you have access to.
1. Navigate to `https://<dtr-url>`and log in with your UCP credentials.
2. Select **Repositories** on the left navigation pane, and then click on the name of the repository that you want to view. Note that you will have to click on the repository name following the `/` after the specific namespace for your repository.
![](../images/tag-pruning-0.png){: .img-fluid .with-border}
3. You should see the **Info** tab by default. Notice **Your Permission** under **Docker Pull Command**.
4. Hover over the question mark next to [your permission level](../admin/manage-users/permission-levels/) to view the list of repository events you have access to.
![](../images/manage-repo-events-2.png){: .img-fluid .with-border}
@ -32,14 +38,7 @@ To review the type of events you have access to, do the following:
## View List of Events
To view the list of events within a repository, do the following:
1. Navigate to `https://<dtr-url>`and log in with your UCP credentials.
2. Select **Repositories** on the left navigation pane, and then click on the name of the repository that you want to view. Note that you will have to click on the repository name following the `/` after the specific namespace for your repository.
![](../images/tag-pruning-0.png){: .img-fluid .with-border}
3. Select the **Activity** tab. You should see a paginated list of the latest events based on your repository permission level. By default, **Activity** shows the latest `10` events and excludes pull events, which are only visible to repository and DTR administrators.
To view the list of events within a repository, select the **Activity** tab. You should see a paginated list of the latest events based on your repository permission level. By default, **Activity** shows the latest `10` events and excludes pull events, which are only visible to repository and DTR admins.
* If you're a repository or a DTR admin, uncheck "Exclude pull" to view pull events. This should give you a better understanding of who is consuming your images.
* To update your event view, select a different time filter from the drop-down list.
@ -47,22 +46,24 @@ To view the list of events within a repository, do the following:
### Activity Stream
First, let's break down the data included in an event. We will use the highlighted "Create Promotion Policy" event as our example.
Let's break down the data included in an event. We will use the highlighted "Create Promotion Policy" event as our example.
| Event Detail | Description | Example |
|:----------------|:-------------------------------------------------|:--------|
| Label | Friendly name of the event. | `Create Promotion Policy`
| Repository | This will always be the repository in review following the `<user-or-org>/<repository_name>` convention outlined in [Create a Repository](../user/manage-images/#create-a-repository). | `test-org/test-repo-1` |
| Tag | Tag affected by the event, when applicable. | `test-org/test-repo-1:latest` where `latest` is the affected tag|
| SHA | SHA digest value for **CREATE** operations such as creating a new image tag or a promotion policy. | `sha256:bbf09ba3` |
| SHA | The [digest value](/registry/spec/api/#content-digests) for `CREATE` operations such as creating a new image tag or a promotion policy. | `sha256:bbf09ba3` |
| Type | Event type. Possible values are: `CREATE`, `GET`, `UPDATE`, `DELETE`, `SEND`, `FAIL` and `SCAN` | `CREATE` |
| Initiated by | Links to the profile of the user who initiated the event, where applicable. For image promotion events, this will reflect the promotion ID and link to the **Promotions** page of the repository. | `PROMOTION CA5E7822` |
| Initiated by | The actor responsible for the event. For user-initiated events, this will reflect the user ID and link to that user's profile. For image events triggered by a policy &ndash; pruning, pull / push mirroring, or promotion &ndash; this will reflect the relevant policy ID except for manual promotions where it reflects `PROMOTION MANUAL_P`, and link to the relevant policy page. Other event actors may not include a link. | `PROMOTION CA5E7822` |
| Date and Time | When the event happened in your configured time zone. | `9/13/2018 9:59 PM` |
### Event Audits
Given the level of detail on each event, it should be easy for DTR and security admins to determine what events have taken place inside of DTR. For example, when an image which shouldnt have been deleted ends up getting deleted, the security admin can determine when and who initiated the deletion.
### Events and Permissions
### Event Permissions
For more details on different permission levels within DTR, see [Authentication and authorization in DTR](../admin/manage-users/) to understand the minimum level required to view the different repository events.
| Repository Event | Description | Minimum Permission Level |
@ -71,8 +72,8 @@ For more details on different permission levels within DTR, see [Authentication
| Scan | Requires [security scanning to be set up](../admin/configure/set-up-vulnerability-scans/) by a DTR admin. Once enabled, this will display as a `SCAN` event type. | Authenticated Users |
| Promotion | Refers to a "Create Promotion Policy" event which links to the **Promotions** tab of the repository where you can edit the existing promotions. See [Promotion Policies](../user/promotion-policies/) for different ways to promote an image. | Repository Admin |
| Delete | Refers to "Delete Tag" events. Learn more about [deleting images](../user/manage-images/pull-and-push-images/#delete-images). | Authenticated Users |
| Pull | Refers to "Get Tag" events. Learn more about [pulling images](../Learn more about [pulling images](../user/manage-images/pull-and-push-images/#pull-the-image). | Repository Admin |
| Mirror |Refers to ______ | Repository Admin |
| Pull | Refers to "Get Tag" events. Learn more about [pulling images](../user/manage-images/pull-and-push-images/#pull-the-image). | Repository Admin |
| Mirror |Refers to "Pull mirroring" and "Push mirroring" events. See [Mirror images to another registry](../user/promotion-policies/#mirror-images-to-another-registry) and [Mirror images from another registry](../user/promotion-policies/#mirror-images-from-another-registry) for more details. | Repository Admin |
| Create repo | Refers to "Create Repository" events. See [Create a repository](../user/manage-images/) for more details. | Authenticated Users |
## Where to go next