Oracle Cloud Infrastructure Documentation

Details for Registry

This topic covers details for writing policies to control access to the Registry.

Resource-Types

  • repos

Supported Variables

Oracle Cloud Infrastructure Registry supports all the general variables (see General Variables for All Requests), plus the ones listed here.

The repos resource-type can use the following variables:

| Variable | Variable Type | Comments |
|---|---|---|
| target.repo.name | String | Use this variable to control access to specific repositories. For an example policy, see Policies to Control Repository Access. |

Details for Verb + Resource-Type Combinations

The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.

For example, the read verb for the repos resource-type includes the same permissions and API operations as the inspect verb, plus the REPOSITORY_READ permission and a number of API operations (e.g., ReadDockerRepositoryMetadata). The use verb covers still another permission and API operation compared to read. Lastly, manage covers more permissions and operations compared to use.

Note: The Registry API is not currently available.

repos

Permissions Required for Each API Operation

The following table lists the API operations in a logical order, grouped by resource type.

Note: The Registry API is not currently available.

For information about permissions, see Permissions.

| API Operation | Permissions Required to Use the Operation |
|---|---|
| ListDockerRepositories | REPOSITORY_INSPECT |
| ListDockerRepositoryManifests | REPOSITORY_INSPECT |
| ReadDockerRepositoryMetadata | REPOSITORY_READ |
| ReadDockerRepositoryManifest | REPOSITORY_READ |
| CreateDockerRepository | REPOSITORY_CREATE |
| DeleteDockerRepository | REPOSITORY_DELETE |
| DeleteDockerRepositoryContents | REPOSITORY_UPDATE |
| UpdateDockerRepositoryMetadata | REPOSITORY_MANAGE |
| UploadDockerImage | REPOSITORY_UPDATE + REPOSITORY_CREATE |
| DeleteDockerImage | REPOSITORY_UPDATE |
| DeleteDockerLayer | REPOSITORY_UPDATE |
| PullDockerLayer | REPOSITORY_READ |
| UploadDockerLayer | REPOSITORY_UPDATE + REPOSITORY_CREATE |
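The table above can be turned into a least-privilege check. The following is an added example, not part of the Oracle documentation: it computes the smallest permission set for a workload and lists the operations that set also unlocks as a side effect. The function names and the CI_PUSH workload are constructed for illustration, and the check works at the permission level only (it does not model verbs or policy conditions).

```python
# Operation -> permissions, transcribed from the table above.
# A "+" in the table means every listed permission is required.
REQUIRED = {
    "ListDockerRepositories": {"REPOSITORY_INSPECT"},
    "ListDockerRepositoryManifests": {"REPOSITORY_INSPECT"},
    "ReadDockerRepositoryMetadata": {"REPOSITORY_READ"},
    "ReadDockerRepositoryManifest": {"REPOSITORY_READ"},
    "CreateDockerRepository": {"REPOSITORY_CREATE"},
    "DeleteDockerRepository": {"REPOSITORY_DELETE"},
    "DeleteDockerRepositoryContents": {"REPOSITORY_UPDATE"},
    "UpdateDockerRepositoryMetadata": {"REPOSITORY_MANAGE"},
    "UploadDockerImage": {"REPOSITORY_UPDATE", "REPOSITORY_CREATE"},
    "DeleteDockerImage": {"REPOSITORY_UPDATE"},
    "DeleteDockerLayer": {"REPOSITORY_UPDATE"},
    "PullDockerLayer": {"REPOSITORY_READ"},
    "UploadDockerLayer": {"REPOSITORY_UPDATE", "REPOSITORY_CREATE"},
}


def permissions_for(operations):
    """Smallest permission set that covers every operation requested."""
    unknown = set(operations) - set(REQUIRED)
    if unknown:
        raise KeyError(f"not in the table: {sorted(unknown)}")
    return set().union(*(REQUIRED[op] for op in operations))


def allowed_operations(granted):
    """Operations whose full requirement is contained in `granted`."""
    granted = set(granted)
    return {op for op, need in REQUIRED.items() if need <= granted}


def excess_operations(operations):
    """Operations gained as a side effect of the minimal grant."""
    return allowed_operations(permissions_for(operations)) - set(operations)


# Constructed workload: a CI job that only pushes images.
CI_PUSH = ["UploadDockerImage", "UploadDockerLayer"]

if __name__ == "__main__":
    print("needs:", sorted(permissions_for(CI_PUSH)))
    print("also allowed:", sorted(excess_operations(CI_PUSH)))
```

For the push-only job, the minimal grant also permits image, layer and repository-content deletion and repository creation, which is worth knowing when reviewing what a pipeline credential can do.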