feat(remote): add support for policy.json allow/deny #1013
codecovbot commented Oct 6, 2025 • edited
Codecov Report

❌ Patch coverage is

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #1013      +/-   ##
==========================================
+ Coverage   80.59%   82.91%   +2.31%
==========================================
  Files          64       67       +3
  Lines        6121     5009    -1112
==========================================
- Hits         4933     4153     -780
+ Misses        864      523     -341
- Partials      324      333       +9
```
2c3dc9a to f782b54
Pull Request Overview
This PR adds comprehensive support for the containers-policy.json format, enabling image access control policies based on allow/deny rules. The implementation includes policy management, evaluation, and integration with repository operations.
Key changes:
- Implements policy evaluation with support for insecure accept, reject, and signature verification requirements (placeholders)
- Adds policy integration to Repository struct with enforcement in Fetch, Push, and Resolve operations
- Provides comprehensive test coverage including unit tests, integration tests, and edge case handling
Reviewed Changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| registry/remote/repository.go | Adds Policy field and checkPolicy method integration |
| registry/remote/repository_policy_test.go | Tests policy enforcement in repository operations |
| registry/remote/policy/policy.go | Core policy management with load/save/validation |
| registry/remote/policy/evaluator.go | Policy evaluation engine for image access decisions |
| registry/remote/policy/requirement.go | Policy requirement types and JSON marshaling |
| registry/remote/policy/policy_test.go | Comprehensive policy functionality tests |
| registry/remote/policy/requirement_test.go | Tests for requirement validation and types |
| registry/remote/policy/edge_cases_test.go | Edge case and error condition testing |
| registry/remote/policy/example_test.go | Example usage and documentation tests |
| docs/policy.md | Documentation for the policy package |
94ca447 to 5d442ef
Signed-off-by: Terry Howe <terrylhowe@gmail.com>
f6bd8e2 to 39e9cd5
Support for policy.json allow/deny https://man.archlinux.org/man/containers-policy.json.5.en
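
The allow/deny decision that a containers-policy.json file drives, sketched as an added example; it is not this PR's code or the project's API. `Policy`, `Requirement`, `Allowed` and the registry names are hypothetical, tag/digest and wildcard scopes are left out, and signature requirements deny because nothing here verifies signatures.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Policy mirrors containers-policy.json: transport -> scope -> requirement list.
type Policy struct {
	Default    []Requirement                       `json:"default"`
	Transports map[string]map[string][]Requirement `json:"transports"`
}
type Requirement struct{ Type string `json:"type"` }

// samplePolicy is constructed for this example (hypothetical registry names).
const samplePolicy = `{"default": [{"type": "reject"}], "transports": {"docker": {
  "registry.example.com/team": [{"type": "insecureAcceptAnything"}],
  "registry.example.com/team/legacy": [{"type": "reject"}],
  "": [{"type": "signedBy"}]}}}`

// Allowed picks the most specific scope (exact name, shorter path prefixes, transport
// default "", global default) and fails closed on anything it cannot accept outright.
func Allowed(policyJSON, transport, name string) bool {
	var p Policy
	if json.Unmarshal([]byte(policyJSON), &p) != nil {
		return false // unparsable policy: deny
	}
	scopes := p.Transports[transport]
	reqs, ok := scopes[name]
	for s := name; !ok && strings.Contains(s, "/"); {
		s = s[:strings.LastIndex(s, "/")]
		reqs, ok = scopes[s]
	}
	if !ok {
		if reqs, ok = scopes[""]; !ok {
			reqs = p.Default
		}
	}
	for _, r := range reqs {
		if r.Type != "insecureAcceptAnything" { // reject, signedBy, unknown type
			return false
		}
	}
	return len(reqs) > 0 // an empty requirement list never grants access
}

func main() {
	fmt.Println(Allowed(samplePolicy, "docker", "registry.example.com/team/app"))
}
```

The `legacy` scope shows why the most specific match has to win: a broader allow on `registry.example.com/team` must not override the narrower reject beneath it.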