Details for Container Registry
This topic covers details for writing policies to control access to Oracle Cloud Infrastructure Registry (also known as Container Registry).
Resource-Types
repos
Supported Variables
Oracle Cloud Infrastructure Registry supports all the general variables (see General Variables for All Requests), plus the ones listed here.
The repos resource-type can use the following variables:
Variable | Variable Type | Comments |
---|---|---|
target.repo.name | String | Use this variable to control access to specific repositories. For an example policy, see Policies to Control Repository Access. |
Details for Verb + Resource-Type Combinations
The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.
For example, the read verb for the repos resource-type includes the same permissions and API operations as the inspect verb, plus the REPOSITORY_READ permission and a number of API operations (e.g., GetContainerRepository, etc.). The use verb covers still another permission and API operation compared to read. Lastly, manage covers more permissions and operations compared to use.
Verbs | Permissions | APIs Fully Covered | APIs Partially Covered |
---|---|---|---|
inspect | REPOSITORY_INSPECT | | none |
read | INSPECT + REPOSITORY_READ | | none |
use | no extra | none | |
manage | USE + REPOSITORY_CREATE REPOSITORY_DELETE REPOSITORY_UPDATE REPOSITORY_MANAGE | | none |
Permissions Required for Each API Operation
The following table lists the API operations in a logical order, grouped by resource type.
For information about permissions, see Permissions.
API Operation | Permissions Required to Use the Operation |
---|---|
ListContainerRepositories | REPOSITORY_INSPECT |
CreateContainerRepository | REPOSITORY_CREATE |
GetContainerRepository | REPOSITORY_READ |
UpdateContainerRepository | REPOSITORY_MANAGE |
DeleteContainerRepository | REPOSITORY_DELETE |
ChangeContainerRepositoryCompartment | REPOSITORY_MANAGE |
ListContainerImages | REPOSITORY_INSPECT |
GetContainerImage | REPOSITORY_READ |
DeleteContainerImage | REPOSITORY_UPDATE |
RestoreContainerImage | REPOSITORY_UPDATE |
RemoveContainerVersion | REPOSITORY_UPDATE |
ListContainerImageSignatures | REPOSITORY_INSPECT |
GetContainerImageSignature | REPOSITORY_READ |
CreateContainerImageSignature | REPOSITORY_MANAGE |
DeleteContainerImageSignature | REPOSITORY_MANAGE |
GetContainerConfiguration | REPOSITORY_INSPECT |
UpdateContainerConfiguration | REPOSITORY_MANAGE |
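The two tables above can be combined into a least-privilege check for repos policies: given the API operations a group or pipeline actually calls, find the lowest verb that covers them and list what a broader verb would grant unused. This is an added example, not Oracle code; the function and variable names are hypothetical, and the data is transcribed from the tables as printed on this page (where use adds "no extra").

```python
# Added example; data transcribed from the two tables on this page.
VERB_INCREMENT = {  # permissions each verb adds to the verb before it
    "inspect": {"REPOSITORY_INSPECT"},
    "read": {"REPOSITORY_READ"},
    "use": set(),  # "no extra" in the verbs table
    "manage": {"REPOSITORY_CREATE", "REPOSITORY_DELETE",
               "REPOSITORY_UPDATE", "REPOSITORY_MANAGE"},
}
_OPS = {  # permission -> API operations that require it
    "REPOSITORY_INSPECT": "ListContainerRepositories ListContainerImages "
                          "ListContainerImageSignatures GetContainerConfiguration",
    "REPOSITORY_READ": "GetContainerRepository GetContainerImage "
                       "GetContainerImageSignature",
    "REPOSITORY_CREATE": "CreateContainerRepository",
    "REPOSITORY_DELETE": "DeleteContainerRepository",
    "REPOSITORY_UPDATE": "DeleteContainerImage RestoreContainerImage "
                         "RemoveContainerVersion",
    "REPOSITORY_MANAGE": "UpdateContainerRepository ChangeContainerRepositoryCompartment "
                         "CreateContainerImageSignature DeleteContainerImageSignature "
                         "UpdateContainerConfiguration",
}
API_PERMISSION = {op: perm for perm, ops in _OPS.items() for op in ops.split()}


def verb_permissions(verb):
    """Cumulative permission set for a verb (inspect < read < use < manage)."""
    verbs = list(VERB_INCREMENT)  # dict order is the verb hierarchy
    granted = set()
    for v in verbs[: verbs.index(verb) + 1]:
        granted |= VERB_INCREMENT[v]
    return granted


def minimum_verb(operations):
    """Lowest verb whose permissions cover every listed API operation."""
    needed = {API_PERMISSION[op] for op in operations}  # KeyError: unknown op
    for verb in VERB_INCREMENT:
        if needed <= verb_permissions(verb):
            return verb


def excess_permissions(verb, operations):
    """Permissions the verb grants that the listed operations never use."""
    return verb_permissions(verb) - {API_PERMISSION[op] for op in operations}


if __name__ == "__main__":
    pull = ["ListContainerRepositories", "GetContainerRepository", "GetContainerImage"]
    print(minimum_verb(pull), sorted(excess_permissions("manage", pull)))
```

With the tables as printed, any operation that needs REPOSITORY_UPDATE or REPOSITORY_MANAGE (deleting an image, creating a signature) resolves to manage, so a group that only pulls images should be held to read.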