feat: add ban_tags_enabled/ban_tags to docker remotes to block named tags #43
Reference in New Issue
Block a user
Delete Branch "feat/docker-ban-tags"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Adds two per-remote config keys for docker remotes:
ban_tags_enabled: false # opt-in, default off
ban_tags:
- latest
- edge
When ban_tags_enabled is true and a manifest request arrives for a named
tag in ban_tags, the proxy returns 403. sha256-addressed pulls are never
blocked, so images already pulled can still be referenced by digest.
Blob requests are unaffected.
Adds two per-remote config keys for docker remotes: ban_tags_enabled: false # opt-in, default off ban_tags: - latest - edge When ban_tags_enabled is true and a manifest request arrives for a named tag in ban_tags, the proxy returns 403. sha256-addressed pulls are never blocked, so images already pulled can still be referenced by digest. Blob requests are unaffected.