diff --git a/master/api/index.html b/master/api/index.html index 525f6bab6..253b3e7e2 100644 --- a/master/api/index.html +++ b/master/api/index.html @@ -1,8 +1,8 @@ -Red Hat Quay API Guide
Red Hat Quay 3.9

Red Hat Quay API Guide

Red Hat Quay API Guide

Red Hat OpenShift Documentation Team

Abstract

+Red Hat Quay API Guide
Red Hat Quay 3.9

Red Hat Quay API Guide

Red Hat Quay API Guide

Red Hat OpenShift Documentation Team

Abstract

Use the Red Hat Quay API -

Preface

+

Preface

The Red Hat Quay application programming interface (API) is an OAuth 2 RESTful API that consists of a set of endpoints for adding, displaying, changing and deleting features for Red Hat Quay.

Red Hat Quay abides by the Semantic Versioning (SemVer) specifications. The following conditions are met with each major, minor, and patch release: @@ -358,67 +358,67 @@ oauth2_implicit

Scopes

The following scopes are used to control access to the API endpoints: -

ScopeDescription
+

ScopeDescription

repo:read

- 		+

This application will be able to view and pull all repositories visible to the granting user or robot account

-
+

repo:write

- 		+

This application will be able to view, push and pull to all repositories to which the granting user or robot account has write access

-
+

repo:admin

- 		+

This application will have administrator access to all repositories to which the granting user or robot account has access

-
+

repo:create

- 		+

This application will be able to create repositories in to any namespaces that the granting user or robot account is allowed to create repositories

-
+

user:read

- 		+

This application will be able to read user information such as username and email address.

-
+

org:admin

- 		+

This application will be able to administer your organizations including creating robots, creating teams, adjusting team membership, and changing billing settings. You should have absolute trust in the requesting application before granting this permission.

-
+

super:user

- 		+

This application will be able to administer your installation including managing users, managing organizations and other features found in the superuser panel. You should have absolute trust in the requesting application before granting this permission.

-
+

user:admin

- 		+

This application will be able to administer your account including creating robots and granting them permissions to your repositories. You should have absolute trust in the requesting application before granting this permission.

@@ -430,71 +430,71 @@ Authorizations: oauth2_implicit (user:admin)

Request body schema (application/json)

Description of a new token. -

NameDescriptionSchema
+

NameDescriptionSchema

friendlyName
optional

- 		+

Friendly name to help identify the token

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -502,75 +502,75 @@ Lists the app specific tokens for the user.

GET /api/v1/user/apptoken

Authorizations: oauth2_implicit (user:admin) -

Query parameters
TypeNameDescriptionSchema
+

Query parameters
TypeNameDescriptionSchema

query

- 		+

expiring
optional

- 		+

If true, only returns those tokens expiring soon

- 		+

boolean

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -578,75 +578,75 @@ Returns a specific app token for the user.

GET /api/v1/user/apptoken/{token_uuid}

Authorizations: oauth2_implicit (user:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

token_uuid
required

- 		+

The uuid of the app specific token

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -654,75 +654,75 @@ Revokes a specific app token for the user.

DELETE /api/v1/user/apptoken/{token_uuid}

Authorizations: oauth2_implicit (user:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

token_uuid
required

- 		+

The uuid of the app specific token

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -732,91 +732,91 @@ Return the status for the builds specified by the build uuids.

GET /api/v1/repository/{repository}/build/{build_uuid}/status

Authorizations: oauth2_implicit (repo:read) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

build_uuid
required

- 		+

The UUID of the build

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -824,91 +824,91 @@ Return the build logs for the build specified by the build uuid.

GET /api/v1/repository/{repository}/build/{build_uuid}/logs

Authorizations: oauth2_implicit (repo:read) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

build_uuid
required

- 		+

The UUID of the build

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -916,91 +916,91 @@ Returns information about a build.

GET /api/v1/repository/{repository}/build/{build_uuid}

Authorizations: oauth2_implicit (repo:read) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

build_uuid
required

- 		+

The UUID of the build

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -1008,91 +1008,91 @@ Cancels a repository build.

DELETE /api/v1/repository/{repository}/build/{build_uuid}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

build_uuid
required

- 		+

The UUID of the build

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -1100,161 +1100,161 @@ Request that a repository be built and pushed from the specified input.

POST /api/v1/repository/{repository}/build/

Authorizations: oauth2_implicit (repo:write) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

Request body schema (application/json)

Description of a new repository build. -

NameDescriptionSchema
+

NameDescriptionSchema

file_id
optional

- 		+

The file id that was generated when the build spec was uploaded

- 		+

string

-
+

archive_url
optional

- 		+

The URL of the .tar.gz to build. Must start with "http" or "https".

- 		+

string

-
+

subdirectory
optional

- 		+

Subdirectory in which the Dockerfile can be found. You can only specify this or dockerfile_path

- 		+

string

-
+

dockerfile_path
optional

- 		+

Path to a dockerfile. You can only specify this or subdirectory.

- 		+

string

-
+

context
optional

- 		+

Pass in the context for the dockerfile. This is optional.

- 		+

string

-
+

pull_robot
optional

- 		+

Username of a Quay robot account to use as pull credentials

- 		+

string

-
+

docker_tags
optional

- 		+

The tags to which the built images will be pushed. If none specified, "latest" is used.

- 		+

array of string
non-empty unique

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -1262,107 +1262,107 @@ Get the list of repository builds.

GET /api/v1/repository/{repository}/build/

Authorizations: oauth2_implicit (repo:read) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Query parameters
TypeNameDescriptionSchema
+
Query parameters
TypeNameDescriptionSchema

query

- 		+

since
optional

- 		+

Returns all builds since the given unix timecode

- 		+

integer

-
+

query

- 		+

limit
optional

- 		+

The maximum number of builds to return

- 		+

integer

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -1372,75 +1372,75 @@ List all of the API endpoints available in the swagger API format.

GET /api/v1/discovery

Authorizations:  -

Query parameters
TypeNameDescriptionSchema
+

Query parameters
TypeNameDescriptionSchema

query

- 		+

internal
optional

- 		+

Whether to include internal APIs.

- 		+

boolean

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -1450,79 +1450,79 @@ Get a detailed description of the error.

GET /api/v1/error/{error_type}

Authorizations:  -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

error_type
required

- 		+

The error code identifying the type of error.

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		+

ApiErrorDescription

-
+

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -1534,71 +1534,71 @@ Authorizations: oauth2_implicit (super:user)

Request body schema (application/json)

Create a new message -

NameDescriptionSchema
+

NameDescriptionSchema

message
optional

- 		+

A single message

- 		+

object

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -1606,59 +1606,59 @@ Return a super users messages.

GET /api/v1/messages

Authorizations:  -

Responses
HTTP CodeDescriptionSchema
+

Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -1666,71 +1666,71 @@ Delete a message.

DELETE /api/v1/message/{uuid}

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

uuid
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -1740,107 +1740,107 @@ Returns the aggregated logs for the current user.

GET /api/v1/user/aggregatelogs

Authorizations: oauth2_implicit (user:admin) -

Query parameters
TypeNameDescriptionSchema
+

Query parameters
TypeNameDescriptionSchema

query

- 		+

performer
optional

- 		+

Username for which to filter logs.

- 		+

string

-
+

query

- 		+

endtime
optional

- 		+

Latest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

-
+

query

- 		+

starttime
optional

- 		+

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -1848,117 +1848,117 @@ Returns the aggregated logs for the current user.

POST /api/v1/user/exportlogs

Authorizations: oauth2_implicit (user:admin) -

Query parameters
TypeNameDescriptionSchema
+

Query parameters
TypeNameDescriptionSchema

query

- 		+

endtime
optional

- 		+

Latest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

-
+

query

- 		+

starttime
optional

- 		+

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

Request body schema (application/json)

Configuration for an export logs operation -

NameDescriptionSchema
+

NameDescriptionSchema

callback_url
optional

- 		+

The callback URL to invoke with a link to the exported logs

- 		+

string

-
+

callback_email
optional

- 		+

The e-mail address at which to e-mail a link to the exported logs

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -1966,123 +1966,123 @@ List the logs for the current user.

GET /api/v1/user/logs

Authorizations: oauth2_implicit (user:admin) -

Query parameters
TypeNameDescriptionSchema
+

Query parameters
TypeNameDescriptionSchema

query

- 		+

next_page
optional

- 		+

The page token for the next page

- 		+

string

-
+

query

- 		+

performer
optional

- 		+

Username for which to filter logs.

- 		+

string

-
+

query

- 		+

endtime
optional

- 		+

Latest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

-
+

query

- 		+

starttime
optional

- 		+

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -2090,123 +2090,123 @@ Gets the aggregated logs for the specified organization.

GET /api/v1/organization/{orgname}/aggregatelogs

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
Query parameters
TypeNameDescriptionSchema
+
Query parameters
TypeNameDescriptionSchema

query

- 		+

performer
optional

- 		+

Username for which to filter logs.

- 		+

string

-
+

query

- 		+

endtime
optional

- 		+

Latest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

-
+

query

- 		+

starttime
optional

- 		+

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -2214,133 +2214,133 @@ Exports the logs for the specified organization.

POST /api/v1/organization/{orgname}/exportlogs

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
Query parameters
TypeNameDescriptionSchema
+
Query parameters
TypeNameDescriptionSchema

query

- 		+

endtime
optional

- 		+

Latest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

-
+

query

- 		+

starttime
optional

- 		+

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

Request body schema (application/json)

Configuration for an export logs operation -

NameDescriptionSchema
+

NameDescriptionSchema

callback_url
optional

- 		+

The callback URL to invoke with a link to the exported logs

- 		+

string

-
+

callback_email
optional

- 		+

The e-mail address at which to e-mail a link to the exported logs

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -2348,139 +2348,139 @@ List the logs for the specified organization.

GET /api/v1/organization/{orgname}/logs

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
Query parameters
TypeNameDescriptionSchema
+
Query parameters
TypeNameDescriptionSchema

query

- 		+

next_page
optional

- 		+

The page token for the next page

- 		+

string

-
+

query

- 		+

performer
optional

- 		+

Username for which to filter logs.

- 		+

string

-
+

query

- 		+

endtime
optional

- 		+

Latest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

-
+

query

- 		+

starttime
optional

- 		+

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -2488,107 +2488,107 @@ Returns the aggregated logs for the specified repository.

GET /api/v1/repository/{repository}/aggregatelogs

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Query parameters
TypeNameDescriptionSchema
+
Query parameters
TypeNameDescriptionSchema

query

- 		+

endtime
optional

- 		+

Latest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

-
+

query

- 		+

starttime
optional

- 		+

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -2596,133 +2596,133 @@ Queues an export of the logs for the specified repository.

POST /api/v1/repository/{repository}/exportlogs

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Query parameters
TypeNameDescriptionSchema
+
Query parameters
TypeNameDescriptionSchema

query

- 		+

endtime
optional

- 		+

Latest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

-
+

query

- 		+

starttime
optional

- 		+

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

Request body schema (application/json)

Configuration for an export logs operation -

NameDescriptionSchema
+

NameDescriptionSchema

callback_url
optional

- 		+

The callback URL to invoke with a link to the exported logs

- 		+

string

-
+

callback_email
optional

- 		+

The e-mail address at which to e-mail a link to the exported logs

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -2730,123 +2730,123 @@ List the logs for the specified repository.

GET /api/v1/repository/{repository}/logs

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Query parameters
TypeNameDescriptionSchema
+
Query parameters
TypeNameDescriptionSchema

query

- 		+

next_page
optional

- 		+

The page token for the next page

- 		+

string

-
+

query

- 		+

endtime
optional

- 		+

Latest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

-
+

query

- 		+

starttime
optional

- 		+

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -2856,107 +2856,107 @@ Retrieves the label with the specific ID under the manifest.

GET /api/v1/repository/{repository}/manifest/{manifestref}/labels/{labelid}

Authorizations: oauth2_implicit (repo:read) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

manifestref
required

- 		+

The digest of the manifest

- 		+

string

-
+

path

- 		+

labelid
required

- 		+

The ID of the label

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -2964,107 +2964,107 @@ Deletes an existing label from a manifest.

DELETE /api/v1/repository/{repository}/manifest/{manifestref}/labels/{labelid}

Authorizations: oauth2_implicit (repo:write) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

manifestref
required

- 		+

The digest of the manifest

- 		+

string

-
+

path

- 		+

labelid
required

- 		+

The ID of the label

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -3072,321 +3072,321 @@ Adds a new label into the tag manifest.

POST /api/v1/repository/{repository}/manifest/{manifestref}/labels

Authorizations: oauth2_implicit (repo:write) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

manifestref
required

- 		+

The digest of the manifest

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

Request body schema (application/json)

Adds a label to a manifest -

NameDescriptionSchema
+

NameDescriptionSchema

key
optional

- 		+

The key for the label

- 		+

string

-
+

value
optional

- 		+

The value for the label

- 		+

string

-
+

media_type
optional

- 		+

The media type for this label

- 		 
Responses
HTTP CodeDescriptionSchema
+  
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.8.4. listManifestLabels

GET /api/v1/repository/{repository}/manifest/{manifestref}/labels

Authorizations: oauth2_implicit (repo:read) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

manifestref
required

- 		+

The digest of the manifest

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Query parameters
TypeNameDescriptionSchema
+
Query parameters
TypeNameDescriptionSchema

query

- 		+

filter
optional

- 		+

If specified, only labels matching the given prefix will be returned

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.8.5. getRepoManifest

GET /api/v1/repository/{repository}/manifest/{manifestref}

Authorizations: oauth2_implicit (repo:read) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

manifestref
required

- 		+

The digest of the manifest

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -3394,75 +3394,75 @@ Update the sync_status for a given Repository’s mirroring configuration.

POST /api/v1/repository/{repository}/mirror/sync-cancel

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -3470,75 +3470,75 @@ Update the sync_status for a given Repository’s mirroring configuration.

POST /api/v1/repository/{repository}/mirror/sync-now

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -3546,79 +3546,79 @@ Return the Mirror configuration for a given Repository.

GET /api/v1/repository/{repository}/mirror

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		+

ViewMirrorConfig

-
+

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -3626,173 +3626,173 @@ Allow users to modifying the repository’s mirroring configuration.

PUT /api/v1/repository/{repository}/mirror

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

Request body schema (application/json)

Update the repository mirroring configuration. -

NameDescriptionSchema
+

NameDescriptionSchema

is_enabled
optional

- 		+

Used to enable or disable synchronizations.

- 		+

boolean

-
+

external_reference
optional

- 		+

Location of the external repository.

- 		+

string

-
+

external_registry_username
optional

- 		+

Username used to authenticate with external registry.

- 		 
+  

external_registry_password
optional

- 		+

Password used to authenticate with external registry.

- 		 
+  

sync_start_date
optional

- 		+

Determines the next time this repository is ready for synchronization.

- 		+

string

-
+

sync_interval
optional

- 		+

Number of seconds after next_start_date to begin synchronizing.

- 		+

integer

-
+

robot_username
optional

- 		+

Username of robot which will be used for image pushes.

- 		+

string

-
+

root_rule
optional

- 		+

A list of glob-patterns used to determine which tags should be synchronized.

- 		+

object

-
+

external_registry_config
optional

- 		  +  

object

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -3800,1141 +3800,1141 @@ Create a RepoMirrorConfig for a given Repository.

POST /api/v1/repository/{repository}/mirror

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

Request body schema (application/json)

Create the repository mirroring configuration. -

NameDescriptionSchema
+

NameDescriptionSchema

is_enabled
optional

- 		+

Used to enable or disable synchronizations.

- 		+

boolean

-
+

external_reference
optional

- 		+

Location of the external repository.

- 		+

string

-
+

external_registry_username
optional

- 		+

Username used to authenticate with external registry.

- 		 
+  

external_registry_password
optional

- 		+

Password used to authenticate with external registry.

- 		 
+  

sync_start_date
optional

- 		+

Determines the next time this repository is ready for synchronization.

- 		+

string

-
+

sync_interval
optional

- 		+

Number of seconds after next_start_date to begin synchronizing.

- 		+

integer

-
+

robot_username
optional

- 		+

Username of robot which will be used for image pushes.

- 		+

string

-
+

root_rule
optional

- 		+

A list of glob-patterns used to determine which tags should be synchronized.

- 		+

object

-
+

external_registry_config
optional

- 		  +  

object

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.10. namespacequota

2.10.1. listUserQuota

GET /api/v1/user/quota

Authorizations: oauth2_implicit (user:admin) -

Responses
HTTP CodeDescriptionSchema
+

Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.10.2. getOrganizationQuotaLimit

GET /api/v1/organization/{orgname}/quota/{quota_id}/limit/{limit_id}

Authorizations:  -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

quota_id
required

- 		  +  

string

-
+

path

- 		+

limit_id
required

- 		  +  

string

-
+

path

- 		+

orgname
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.10.3. changeOrganizationQuotaLimit

PUT /api/v1/organization/{orgname}/quota/{quota_id}/limit/{limit_id}

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

quota_id
required

- 		  +  

string

-
+

path

- 		+

limit_id
required

- 		  +  

string

-
+

path

- 		+

orgname
required

- 		  +  

string

Request body schema (application/json)

Description of changing organization quota limit -

NameDescriptionSchema
+

NameDescriptionSchema

type
optional

- 		+

Type of quota limit: "Warning" or "Reject"

- 		+

string

-
+

threshold_percent
optional

- 		+

Quota threshold, in percent of quota

- 		+

integer

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.10.4. deleteOrganizationQuotaLimit

DELETE /api/v1/organization/{orgname}/quota/{quota_id}/limit/{limit_id}

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

quota_id
required

- 		  +  

string

-
+

path

- 		+

limit_id
required

- 		  +  

string

-
+

path

- 		+

orgname
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.10.5. createOrganizationQuotaLimit

POST /api/v1/organization/{orgname}/quota/{quota_id}/limit

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

quota_id
required

- 		  +  

string

-
+

path

- 		+

orgname
required

- 		  +  

string

Request body schema (application/json)

Description of a new organization quota limit -

NameDescriptionSchema
+

NameDescriptionSchema

type
optional

- 		+

Type of quota limit: "Warning" or "Reject"

- 		+

string

-
+

threshold_percent
optional

- 		+

Quota threshold, in percent of quota

- 		+

integer

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.10.6. listOrganizationQuotaLimit

GET /api/v1/organization/{orgname}/quota/{quota_id}/limit

Authorizations:  -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

quota_id
required

- 		  +  

string

-
+

path

- 		+

orgname
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.10.7. getUserQuotaLimit

GET /api/v1/user/quota/{quota_id}/limit/{limit_id}

Authorizations: oauth2_implicit (user:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

quota_id
required

- 		  +  

string

-
+

path

- 		+

limit_id
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.10.8. listUserQuotaLimit

GET /api/v1/user/quota/{quota_id}/limit

Authorizations: oauth2_implicit (user:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

quota_id
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.10.9. getOrganizationQuota

GET /api/v1/organization/{orgname}/quota/{quota_id}

Authorizations:  -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

quota_id
required

- 		  +  

string

-
+

path

- 		+

orgname
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.10.10. changeOrganizationQuota

PUT /api/v1/organization/{orgname}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

quota_id
required

- 		  +  

string

-
+

path

- 		+

orgname
required

- 		  +  

string

Request body schema (application/json)

Description of a new organization quota -

NameDescriptionSchema
+

NameDescriptionSchema

limit_bytes
optional

- 		+

Number of bytes the organization is allowed

- 		+

integer

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.10.11. deleteOrganizationQuota

DELETE /api/v1/organization/{orgname}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

quota_id
required

- 		  +  

string

-
+

path

- 		+

orgname
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -4942,225 +4942,225 @@ Create a new organization quota.

POST /api/v1/organization/{orgname}/quota

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		  +  

string

Request body schema (application/json)

Description of a new organization quota -

NameDescriptionSchema
+

NameDescriptionSchema

limit_bytes
optional

- 		+

Number of bytes the organization is allowed

- 		+

integer

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.10.13. listOrganizationQuota

GET /api/v1/organization/{orgname}/quota

Authorizations:  -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.10.14. getUserQuota

GET /api/v1/user/quota/{quota_id}

Authorizations: oauth2_implicit (user:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

quota_id
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -5172,95 +5172,95 @@ Authorizations: oauth2_implicit (user:admin)

Request body schema (application/json)

Description of a new organization. -

NameDescriptionSchema
+

NameDescriptionSchema

name
optional

- 		+

Organization username

- 		+

string

-
+

email
optional

- 		+

Organization contact email

- 		+

string

-
+

recaptcha_response
optional

- 		+

The (may be disabled) recaptcha response code for verification

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -5268,85 +5268,85 @@ Running POST /api/v1/organization/{orgname}/validateproxycache currently returns a 202 response payload of Valid. This is a known issue. It should return a Successful Creation response payload. This will be fixed in a future version of Red Hat Quay.

Authorizations:  -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		  +  

string

Request body schema (application/json)

Proxy cache configuration for an organization -

NameDescriptionSchema
+

NameDescriptionSchema

upstream_registry
optional

- 		+

Name of the upstream registry that is to be cached

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -5354,75 +5354,75 @@ List outside collaborators of the specified organization.

GET /api/v1/organization/{orgname}/collaborators

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -5430,91 +5430,91 @@ Retrieves the application with the specified client_id under the specified organization.

GET /api/v1/organization/{orgname}/applications/{client_id}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

client_id
required

- 		+

The OAuth client ID

- 		+

string

-
+

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -5522,153 +5522,153 @@ Updates an application under this organization.

PUT /api/v1/organization/{orgname}/applications/{client_id}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

client_id
required

- 		+

The OAuth client ID

- 		+

string

-
+

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

Request body schema (application/json)

Description of an updated application. -

NameDescriptionSchema
+

NameDescriptionSchema

name
required

- 		+

The name of the application

- 		+

string

-
+

redirect_uri
required

- 		+

The URI for the application’s OAuth redirect

- 		+

string

-
+

application_uri
required

- 		+

The URI for the application’s homepage

- 		+

string

-
+

description
optional

- 		+

The human-readable description for the application

- 		+

string

-
+

avatar_email
optional

- 		+

The e-mail address of the avatar to use for the application

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -5676,91 +5676,91 @@ Deletes the application under this organization.

DELETE /api/v1/organization/{orgname}/applications/{client_id}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

client_id
required

- 		+

The OAuth client ID

- 		+

string

-
+

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -5768,137 +5768,137 @@ Creates a new application under this organization.

POST /api/v1/organization/{orgname}/applications

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

Request body schema (application/json)

Description of a new organization application. -

NameDescriptionSchema
+

NameDescriptionSchema

name
required

- 		+

The name of the application

- 		+

string

-
+

redirect_uri
required

- 		+

The URI for the application’s OAuth redirect

- 		+

string

-
+

application_uri
required

- 		+

The URI for the application’s homepage

- 		+

string

-
+

description
optional

- 		+

The human-readable description for the application

- 		+

string

-
+

avatar_email
optional

- 		+

The e-mail address of the avatar to use for the application

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -5906,75 +5906,75 @@ List the applications for the specified organization.

GET /api/v1/organization/{orgname}/applications

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -5982,75 +5982,75 @@ Retrieves the proxy cache configuration of the organization.

GET /api/v1/organization/{orgname}/proxycache

Authorizations:  -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -6058,75 +6058,75 @@ Delete proxy cache configuration for the organization.

DELETE /api/v1/organization/{orgname}/proxycache

Authorizations:  -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -6134,89 +6134,89 @@ Creates proxy cache configuration for the organization.

POST /api/v1/organization/{orgname}/proxycache

Authorizations:  -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

Request body schema (application/json)

Proxy cache configuration for an organization -

NameDescriptionSchema
+

NameDescriptionSchema

upstream_registry
optional

- 		+

Name of the upstream registry that is to be cached

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -6224,91 +6224,91 @@ Retrieves the details of a member of the organization.

GET /api/v1/organization/{orgname}/members/{membername}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
+

path

- 		+

membername
required

- 		+

The username of the organization member

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -6316,91 +6316,91 @@ Removes a member from an organization, revoking all its repository priviledges and removing it from all teams in the organization.

DELETE /api/v1/organization/{orgname}/members/{membername}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
+

path

- 		+

membername
required

- 		+

The username of the organization member

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -6408,75 +6408,75 @@ List the human members of the specified organization.

GET /api/v1/organization/{orgname}/members

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -6484,75 +6484,75 @@ Get the details for the specified organization.

GET /api/v1/organization/{orgname}

Authorizations:  -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -6560,121 +6560,121 @@ Change the details for the specified organization.

PUT /api/v1/organization/{orgname}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

Request body schema (application/json)

Description of updates for an existing organization -

NameDescriptionSchema
+

NameDescriptionSchema

email
optional

- 		+

Organization contact email

- 		+

string

-
+

invoice_email
optional

- 		+

Whether the organization desires to receive emails for invoices

- 		+

boolean

-
+

invoice_email_address
optional

- 		+

The email address at which to receive invoices

- 		 
+  

tag_expiration_s
optional

- 		+

The number of seconds for tag expiration

- 		+

integer

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -6682,75 +6682,75 @@ Deletes the specified organization.

DELETE /api/v1/organization/{orgname}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -6758,75 +6758,75 @@ Get information on the specified application.

GET /api/v1/app/{client_id}

Authorizations:  -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

client_id
required

- 		+

The OAuth client ID

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -6836,91 +6836,91 @@ Get the fetch the permission for the specified user.

GET /api/v1/repository/{repository}/permissions/user/{username}/transitive

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
+

path

- 		+

username
required

- 		+

The username of the user to which the permissions apply

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -6928,91 +6928,91 @@ Get the permission for the specified user.

GET /api/v1/repository/{repository}/permissions/user/{username}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
+

path

- 		+

username
required

- 		+

The username of the user to which the permission applies

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -7020,105 +7020,105 @@ Update the perimssions for an existing repository.

PUT /api/v1/repository/{repository}/permissions/user/{username}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
+

path

- 		+

username
required

- 		+

The username of the user to which the permission applies

- 		+

string

Request body schema (application/json)

Description of a user permission. -

NameDescriptionSchema
+

NameDescriptionSchema

role
optional

- 		+

Role to use for the user

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -7126,91 +7126,91 @@ Delete the permission for the user.

DELETE /api/v1/repository/{repository}/permissions/user/{username}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
+

path

- 		+

username
required

- 		+

The username of the user to which the permission applies

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -7218,91 +7218,91 @@ Fetch the permission for the specified team.

GET /api/v1/repository/{repository}/permissions/team/{teamname}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

teamname
required

- 		+

The name of the team to which the permission applies

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -7310,105 +7310,105 @@ Update the existing team permission.

PUT /api/v1/repository/{repository}/permissions/team/{teamname}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

teamname
required

- 		+

The name of the team to which the permission applies

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

Request body schema (application/json)

Description of a team permission. -

NameDescriptionSchema
+

NameDescriptionSchema

role
optional

- 		+

Role to use for the team

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -7416,91 +7416,91 @@ Delete the permission for the specified team.

DELETE /api/v1/repository/{repository}/permissions/team/{teamname}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

teamname
required

- 		+

The name of the team to which the permission applies

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -7508,75 +7508,75 @@ List all team permission.

GET /api/v1/repository/{repository}/permissions/team/

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -7584,75 +7584,75 @@ List all user permissions.

GET /api/v1/repository/{repository}/permissions/user/

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -7662,105 +7662,105 @@ Update the role of an existing permission prototype.

PUT /api/v1/organization/{orgname}/prototypes/{prototypeid}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
+

path

- 		+

prototypeid
required

- 		+

The ID of the prototype

- 		+

string

Request body schema (application/json)

Description of a the new prototype role -

NameDescriptionSchema
+

NameDescriptionSchema

role
optional

- 		+

Role that should be applied to the permission

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -7768,91 +7768,91 @@ Delete an existing permission prototype.

DELETE /api/v1/organization/{orgname}/prototypes/{prototypeid}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
+

path

- 		+

prototypeid
required

- 		+

The ID of the prototype

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -7860,113 +7860,113 @@ Create a new permission prototype.

POST /api/v1/organization/{orgname}/prototypes

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

Request body schema (application/json)

Description of a new prototype -

NameDescriptionSchema
+

NameDescriptionSchema

role
optional

- 		+

Role that should be applied to the delegate

- 		+

string

-
+

activating_user
optional

- 		+

Repository creating user to whom the rule should apply

- 		+

object

-
+

delegate
optional

- 		+

Information about the user or team to which the rule grants access

- 		+

object

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -7974,75 +7974,75 @@ List the existing prototypes for this organization.

GET /api/v1/organization/{orgname}/prototypes

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -8054,115 +8054,115 @@ Authorizations: oauth2_implicit (repo:create)

Request body schema (application/json)

Description of a new repository -

NameDescriptionSchema
+

NameDescriptionSchema

repository
optional

- 		+

Repository name

- 		+

string

-
+

visibility
optional

- 		+

Visibility which the repository will start with

- 		+

string

-
+

namespace
optional

- 		+

Namespace in which the repository should be created. If omitted, the username of the caller is used

- 		+

string

-
+

description
optional

- 		+

Markdown encoded description for the repository

- 		+

string

-
+

repo_kind
optional

- 		+

The kind of repository

- 		 
Responses
HTTP CodeDescriptionSchema
+  
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -8170,171 +8170,171 @@ Fetch the list of repositories visible to the current user under a variety of situations.

GET /api/v1/repository

Authorizations: oauth2_implicit (repo:read) -

Query parameters
TypeNameDescriptionSchema
+

Query parameters
TypeNameDescriptionSchema

query

- 		+

next_page
optional

- 		+

The page token for the next page

- 		+

string

-
+

query

- 		+

repo_kind
optional

- 		+

The kind of repositories to return

- 		+

string

-
+

query

- 		+

popularity
optional

- 		+

Whether to include the repository’s popularity metric.

- 		+

boolean

-
+

query

- 		+

last_modified
optional

- 		+

Whether to include when the repository was last modified.

- 		+

boolean

-
+

query

- 		+

public
optional

- 		+

Adds any repositories visible to the user by virtue of being public

- 		+

boolean

-
+

query

- 		+

starred
optional

- 		+

Filters the repositories returned to those starred by the user

- 		+

boolean

-
+

query

- 		+

namespace
optional

- 		+

Filters the repositories returned to this namespace

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -8342,89 +8342,89 @@ Change the visibility of a repository.

POST /api/v1/repository/{repository}/changevisibility

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

Request body schema (application/json)

Change the visibility for the repository. -

NameDescriptionSchema
+

NameDescriptionSchema

visibility
optional

- 		+

Visibility which the repository will start with

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -8432,89 +8432,89 @@ Change the state of a repository.

PUT /api/v1/repository/{repository}/changestate

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

Request body schema (application/json)

Change the state of the repository. -

NameDescriptionSchema
+

NameDescriptionSchema

state
optional

- 		+

Determines whether pushes are allowed.

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -8522,107 +8522,107 @@ Fetch the specified repository.

GET /api/v1/repository/{repository}

Authorizations: oauth2_implicit (repo:read) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Query parameters
TypeNameDescriptionSchema
+
Query parameters
TypeNameDescriptionSchema

query

- 		+

includeTags
optional

- 		+

Whether to include repository tags

- 		+

boolean

-
+

query

- 		+

includeStats
optional

- 		+

Whether to include action statistics

- 		+

boolean

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -8630,89 +8630,89 @@ Update the description in the specified repository.

PUT /api/v1/repository/{repository}

Authorizations: oauth2_implicit (repo:write) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

Request body schema (application/json)

Fields which can be updated in a repository. -

NameDescriptionSchema
+

NameDescriptionSchema

description
optional

- 		+

Markdown encoded description for the repository

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -8720,75 +8720,75 @@ Delete a repository.

DELETE /api/v1/repository/{repository}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -8798,91 +8798,91 @@ Queues a test notification for this repository.

POST /api/v1/repository/{repository}/notification/{uuid}/test

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

uuid
required

- 		+

The UUID of the notification

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -8890,91 +8890,91 @@ Get information for the specified notification.

GET /api/v1/repository/{repository}/notification/{uuid}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

uuid
required

- 		+

The UUID of the notification

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -8982,91 +8982,91 @@ Deletes the specified notification.

DELETE /api/v1/repository/{repository}/notification/{uuid}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

uuid
required

- 		+

The UUID of the notification

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -9074,227 +9074,227 @@ Resets repository notification to 0 failures.

POST /api/v1/repository/{repository}/notification/{uuid}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

uuid
required

- 		+

The UUID of the notification

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.15.5. createRepoNotification

POST /api/v1/repository/{repository}/notification/

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

Request body schema (application/json)

Information for creating a notification on a repository -

NameDescriptionSchema
+

NameDescriptionSchema

event
optional

- 		+

The event on which the notification will respond

- 		+

string

-
+

method
optional

- 		+

The method of notification (such as email or web callback)

- 		+

string

-
+

config
optional

- 		+

JSON config information for the specific method of notification

- 		+

object

-
+

eventConfig
optional

- 		+

JSON config information for the specific event of notification

- 		+

object

-
+

title
optional

- 		+

The human-readable title of the notification

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -9302,75 +9302,75 @@ List the notifications for the specified repository.

GET /api/v1/repository/{repository}/notification/

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -9380,91 +9380,91 @@ Fetch the specified repository token information.

GET /api/v1/repository/{repository}/tokens/{code}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

code
required

- 		+

The token code

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -9472,105 +9472,105 @@ Update the permissions for the specified repository token.

PUT /api/v1/repository/{repository}/tokens/{code}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

code
required

- 		+

The token code

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

Request body schema (application/json)

Description of a token permission -

NameDescriptionSchema
+

NameDescriptionSchema

role
optional

- 		+

Role to use for the token

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -9578,91 +9578,91 @@ Delete the repository token.

DELETE /api/v1/repository/{repository}/tokens/{code}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

code
required

- 		+

The token code

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -9670,89 +9670,89 @@ Create a new repository token.

POST /api/v1/repository/{repository}/tokens/

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

Request body schema (application/json)

Description of a new token. -

NameDescriptionSchema
+

NameDescriptionSchema

friendlyName
optional

- 		+

Friendly name to help identify the token

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -9760,75 +9760,75 @@ List the tokens for the specified repository.

GET /api/v1/repository/{repository}/tokens/

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -9838,107 +9838,107 @@ List the available robots for the user.

GET /api/v1/user/robots

Authorizations: oauth2_implicit (user:admin) -

Query parameters
TypeNameDescriptionSchema
+

Query parameters
TypeNameDescriptionSchema

query

- 		+

limit
optional

- 		+

If specified, the number of robots to return.

- 		+

integer

-
+

query

- 		+

token
optional

- 		+

If false, the robot’s token is not returned.

- 		+

boolean

-
+

query

- 		+

permissions
optional

- 		+

Whether to include repositories and teams in which the robots have permission.

- 		+

boolean

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -9946,91 +9946,91 @@ Returns the list of repository permissions for the org’s robot.

GET /api/v1/organization/{orgname}/robots/{robot_shortname}/permissions

Authorizations: oauth2_implicit (user:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
+

path

- 		+

robot_shortname
required

- 		+

The short name for the robot, without any user or organization prefix

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -10038,91 +10038,91 @@ Regenerates the token for an organization robot.

POST /api/v1/organization/{orgname}/robots/{robot_shortname}/regenerate

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
+

path

- 		+

robot_shortname
required

- 		+

The short name for the robot, without any user or organization prefix

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -10130,75 +10130,75 @@ Returns the list of repository permissions for the user’s robot.

GET /api/v1/user/robots/{robot_shortname}/permissions

Authorizations: oauth2_implicit (user:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

robot_shortname
required

- 		+

The short name for the robot, without any user or organization prefix

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -10206,75 +10206,75 @@ Regenerates the token for a user’s robot.

POST /api/v1/user/robots/{robot_shortname}/regenerate

Authorizations: oauth2_implicit (user:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

robot_shortname
required

- 		+

The short name for the robot, without any user or organization prefix

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -10282,91 +10282,91 @@ Returns the organization’s robot with the specified name.

GET /api/v1/organization/{orgname}/robots/{robot_shortname}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
+

path

- 		+

robot_shortname
required

- 		+

The short name for the robot, without any user or organization prefix

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -10374,117 +10374,117 @@ Create a new robot in the organization.

PUT /api/v1/organization/{orgname}/robots/{robot_shortname}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
+

path

- 		+

robot_shortname
required

- 		+

The short name for the robot, without any user or organization prefix

- 		+

string

Request body schema (application/json)

Optional data for creating a robot -

NameDescriptionSchema
+

NameDescriptionSchema

description
optional

- 		+

Optional text description for the robot

- 		+

string

-
+

unstructured_metadata
optional

- 		+

Optional unstructured metadata for the robot

- 		+

object

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -10492,91 +10492,91 @@ Delete an existing organization robot.

DELETE /api/v1/organization/{orgname}/robots/{robot_shortname}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
+

path

- 		+

robot_shortname
required

- 		+

The short name for the robot, without any user or organization prefix

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -10584,123 +10584,123 @@ List the organization’s robots.

GET /api/v1/organization/{orgname}/robots

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
Query parameters
TypeNameDescriptionSchema
+
Query parameters
TypeNameDescriptionSchema

query

- 		+

limit
optional

- 		+

If specified, the number of robots to return.

- 		+

integer

-
+

query

- 		+

token
optional

- 		+

If false, the robot’s token is not returned.

- 		+

boolean

-
+

query

- 		+

permissions
optional

- 		+

Whether to include repostories and teams in which the robots have permission.

- 		+

boolean

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -10708,75 +10708,75 @@ Returns the user’s robot with the specified name.

GET /api/v1/user/robots/{robot_shortname}

Authorizations: oauth2_implicit (user:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

robot_shortname
required

- 		+

The short name for the robot, without any user or organization prefix

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -10784,101 +10784,101 @@ Create a new user robot with the specified name.

PUT /api/v1/user/robots/{robot_shortname}

Authorizations: oauth2_implicit (user:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

robot_shortname
required

- 		+

The short name for the robot, without any user or organization prefix

- 		+

string

Request body schema (application/json)

Optional data for creating a robot -

NameDescriptionSchema
+

NameDescriptionSchema

description
optional

- 		+

Optional text description for the robot

- 		+

string

-
+

unstructured_metadata
optional

- 		+

Optional unstructured metadata for the robot

- 		+

object

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -10886,75 +10886,75 @@ Delete an existing robot.

DELETE /api/v1/user/robots/{robot_shortname}

Authorizations: oauth2_implicit (user:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

robot_shortname
required

- 		+

The short name for the robot, without any user or organization prefix

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -10964,107 +10964,107 @@ Get a list of apps and repositories that match the specified query.

GET /api/v1/find/repositories

Authorizations:  -

Query parameters
TypeNameDescriptionSchema
+

Query parameters
TypeNameDescriptionSchema

query

- 		+

includeUsage
optional

- 		+

Whether to include usage metadata

- 		+

boolean

-
+

query

- 		+

page
optional

- 		+

The page.

- 		+

integer

-
+

query

- 		+

query
optional

- 		+

The search query.

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -11072,75 +11072,75 @@ Get a list of entities and resources that match the specified query.

GET /api/v1/find/all

Authorizations: oauth2_implicit (repo:read) -

Query parameters
TypeNameDescriptionSchema
+

Query parameters
TypeNameDescriptionSchema

query

- 		+

query
optional

- 		+

The search query.

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -11148,119 +11148,119 @@ Get a list of entities that match the specified prefix.

GET /api/v1/entities/{prefix}

Authorizations:  -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

prefix
required

- 		  +  

string

-
Query parameters
TypeNameDescriptionSchema
+
Query parameters
TypeNameDescriptionSchema

query

- 		+

includeOrgs
optional

- 		+

Whether to include orgs names.

- 		+

boolean

-
+

query

- 		+

includeTeams
optional

- 		+

Whether to include team names.

- 		+

boolean

-
+

query

- 		+

namespace
optional

- 		+

Namespace to use when querying for org entities.

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -11268,107 +11268,107 @@ List and manage repository vulnerabilities and other security information.

2.19.1. getRepoManifestSecurity

GET /api/v1/repository/{repository}/manifest/{manifestref}/security

Authorizations: oauth2_implicit (repo:read) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

manifestref
required

- 		+

The digest of the manifest

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Query parameters
TypeNameDescriptionSchema
+
Query parameters
TypeNameDescriptionSchema

query

- 		+

vulnerabilities
optional

- 		+

Include vulnerabilities informations

- 		+

boolean

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -11380,83 +11380,83 @@ Authorizations: oauth2_implicit (super:user)

Request body schema (application/json)

Data for creating a user -

NameDescriptionSchema
+

NameDescriptionSchema

username
optional

- 		+

The username of the user being created

- 		+

string

-
+

email
optional

- 		+

The email address of the user being created

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -11464,75 +11464,75 @@ Returns a list of all users in the system.

GET /api/v1/superuser/users/

Authorizations: oauth2_implicit (super:user) -

Query parameters
TypeNameDescriptionSchema
+

Query parameters
TypeNameDescriptionSchema

query

- 		+

disabled
optional

- 		+

If false, only enabled users will be returned.

- 		+

boolean

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -11540,123 +11540,123 @@ List the usage logs for the current system.

GET /api/v1/superuser/logs

Authorizations: oauth2_implicit (super:user) -

Query parameters
TypeNameDescriptionSchema
+

Query parameters
TypeNameDescriptionSchema

query

- 		+

next_page
optional

- 		+

The page token for the next page

- 		+

string

-
+

query

- 		+

page
optional

- 		+

The page number for the logs

- 		+

integer

-
+

query

- 		+

endtime
optional

- 		+

Latest time to which to get logs (%m/%d/%Y %Z)

- 		+

string

-
+

query

- 		+

starttime
optional

- 		+

Earliest time from which to get logs (%m/%d/%Y %Z)

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -11664,837 +11664,837 @@ Authorizations: oauth2_implicit (super:user)

Request body schema (application/json)

Description of creation of a service key -

NameDescriptionSchema
+

NameDescriptionSchema

service
optional

- 		+

The service authenticating with this key

- 		+

string

-
+

name
optional

- 		+

The friendly name of a service key

- 		+

string

-
+

metadata
optional

- 		+

The key/value pairs of this key’s metadata

- 		+

object

-
+

notes
optional

- 		+

If specified, the extra notes for the key

- 		+

string

-
+

expiration
optional

- 		+

The expiration date as a unix timestamp

- 		 
Responses
HTTP CodeDescriptionSchema
+  
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.20.5. listServiceKeys

GET /api/v1/superuser/keys

Authorizations: oauth2_implicit (super:user) -

Responses
HTTP CodeDescriptionSchema
+

Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.20.6. changeUserQuotaSuperUser

PUT /api/v1/superuser/organization/{namespace}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

namespace
required

- 		  +  

string

-
+

path

- 		+

quota_id
required

- 		  +  

string

Request body schema (application/json)

Description of a new organization quota -

NameDescriptionSchema
+

NameDescriptionSchema

limit_bytes
optional

- 		+

Number of bytes the organization is allowed

- 		+

integer

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.20.7. deleteUserQuotaSuperUser

DELETE /api/v1/superuser/organization/{namespace}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

namespace
required

- 		  +  

string

-
+

path

- 		+

quota_id
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.20.8. createUserQuotaSuperUser

POST /api/v1/superuser/organization/{namespace}/quota

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

namespace
required

- 		  +  

string

Request body schema (application/json)

Description of a new organization quota -

NameDescriptionSchema
+

NameDescriptionSchema

limit_bytes
optional

- 		+

Number of bytes the organization is allowed

- 		+

integer

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.20.9. listUserQuotaSuperUser

GET /api/v1/superuser/organization/{namespace}/quota

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

namespace
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.20.10. changeOrganizationQuotaSuperUser

PUT /api/v1/superuser/users/{namespace}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

namespace
required

- 		  +  

string

-
+

path

- 		+

quota_id
required

- 		  +  

string

Request body schema (application/json)

Description of a new organization quota -

NameDescriptionSchema
+

NameDescriptionSchema

limit_bytes
optional

- 		+

Number of bytes the organization is allowed

- 		+

integer

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.20.11. deleteOrganizationQuotaSuperUser

DELETE /api/v1/superuser/users/{namespace}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

namespace
required

- 		  +  

string

-
+

path

- 		+

quota_id
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.20.12. createOrganizationQuotaSuperUser

POST /api/v1/superuser/users/{namespace}/quota

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

namespace
required

- 		  +  

string

Request body schema (application/json)

Description of a new organization quota -

NameDescriptionSchema
+

NameDescriptionSchema

limit_bytes
optional

- 		+

Number of bytes the organization is allowed

- 		+

integer

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.20.13. listOrganizationQuotaSuperUser

GET /api/v1/superuser/users/{namespace}/quota

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

namespace
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -12502,121 +12502,121 @@ Updates information about the specified user.

PUT /api/v1/superuser/organizations/{name}

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

name
required

- 		+

The name of the organizaton being managed

- 		+

string

Request body schema (application/json)

Description of updates for an existing organization -

NameDescriptionSchema
+

NameDescriptionSchema

email
optional

- 		+

Organization contact email

- 		+

string

-
+

invoice_email
optional

- 		+

Whether the organization desires to receive emails for invoices

- 		+

boolean

-
+

invoice_email_address
optional

- 		+

The email address at which to receive invoices

- 		 
+  

tag_expiration_s
optional

- 		+

The number of seconds for tag expiration

- 		+

integer

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -12624,419 +12624,419 @@ Deletes the specified organization.

DELETE /api/v1/superuser/organizations/{name}

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

name
required

- 		+

The name of the organizaton being managed

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.20.16. approveServiceKey

POST /api/v1/superuser/approvedkeys/{kid}

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

kid
required

- 		+

The unique identifier for a service key

- 		+

string

Request body schema (application/json)

Information for approving service keys -

NameDescriptionSchema
+

NameDescriptionSchema

notes
optional

- 		+

Optional approval notes

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.20.17. getServiceKey

GET /api/v1/superuser/keys/{kid}

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

kid
required

- 		+

The unique identifier for a service key

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.20.18. updateServiceKey

PUT /api/v1/superuser/keys/{kid}

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

kid
required

- 		+

The unique identifier for a service key

- 		+

string

Request body schema (application/json)

Description of updates for a service key -

NameDescriptionSchema
+

NameDescriptionSchema

name
optional

- 		+

The friendly name of a service key

- 		+

string

-
+

metadata
optional

- 		+

The key/value pairs of this key’s metadata

- 		+

object

-
+

expiration
optional

- 		+

The expiration date as a unix timestamp

- 		 
Responses
HTTP CodeDescriptionSchema
+  
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.20.19. deleteServiceKey

DELETE /api/v1/superuser/keys/{kid}

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

kid
required

- 		+

The unique identifier for a service key

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -13044,75 +13044,75 @@ Return the status for the builds specified by the build uuids.

GET /api/v1/superuser/{build_uuid}/status

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

build_uuid
required

- 		+

The UUID of the build

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -13120,75 +13120,75 @@ Returns information about a build.

GET /api/v1/superuser/{build_uuid}/build

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

build_uuid
required

- 		+

The UUID of the build

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -13196,75 +13196,75 @@ Return the build logs for the build specified by the build uuid.

GET /api/v1/superuser/{build_uuid}/logs

Authorizations: oauth2_implicit (super:user) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

build_uuid
required

- 		+

The UUID of the build

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -13274,105 +13274,105 @@ Restores a repository tag back to a previous image in the repository.

POST /api/v1/repository/{repository}/tag/{tag}/restore

Authorizations: oauth2_implicit (repo:write) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

tag
required

- 		+

The name of the tag

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

Request body schema (application/json)

Restores a tag to a specific image -

NameDescriptionSchema
+

NameDescriptionSchema

manifest_digest
optional

- 		+

If specified, the manifest digest that should be used

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -13380,109 +13380,109 @@ Change which image a tag points to or create a new tag.

PUT /api/v1/repository/{repository}/tag/{tag}

Authorizations: oauth2_implicit (repo:write) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

tag
required

- 		+

The name of the tag

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

Request body schema (application/json)

Makes changes to a specific tag -

NameDescriptionSchema
+

NameDescriptionSchema

manifest_digest
optional

- 		+

(If specified) The manifest digest to which the tag should point

- 		 
+  

expiration
optional

- 		+

(If specified) The expiration for the image

- 		 
Responses
HTTP CodeDescriptionSchema
+  
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -13490,229 +13490,229 @@ Delete the specified repository tag.

DELETE /api/v1/repository/{repository}/tag/{tag}

Authorizations: oauth2_implicit (repo:write) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

tag
required

- 		+

The name of the tag

- 		+

string

-
+

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

2.21.4. listRepoTags

GET /api/v1/repository/{repository}/tag/

Authorizations: oauth2_implicit (repo:read) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Query parameters
TypeNameDescriptionSchema
+
Query parameters
TypeNameDescriptionSchema

query

- 		+

onlyActiveTags
optional

- 		+

Filter to only active tags.

- 		+

boolean

-
+

query

- 		+

page
optional

- 		+

Page index for the results. Default 1.

- 		+

integer

-
+

query

- 		+

limit
optional

- 		+

Limit to the number of results to return per page. Max 100.

- 		+

integer

-
+

query

- 		+

specificTag
optional

- 		+

Filters the tags to the specific tag.

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -13722,91 +13722,91 @@ Returns the list of repository permissions for the org’s team.

GET /api/v1/organization/{orgname}/team/{teamname}/permissions

Authorizations:  -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
+

path

- 		+

teamname
required

- 		+

The name of the team

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -13814,107 +13814,107 @@ Adds or invites a member to an existing team.

PUT /api/v1/organization/{orgname}/team/{teamname}/members/{membername}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
+

path

- 		+

teamname
required

- 		+

The name of the team

- 		+

string

-
+

path

- 		+

membername
required

- 		+

The username of the team member

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -13922,107 +13922,107 @@ Delete a member of a team. 

If the user is merely invited to join the team, then the invite is removed instead.
DELETE /api/v1/organization/{orgname}/team/{teamname}/members/{membername}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
+

path

- 		+

teamname
required

- 		+

The name of the team

- 		+

string

-
+

path

- 		+

membername
required

- 		+

The username of the team member

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -14030,107 +14030,107 @@ Retrieve the list of members for the specified team.

GET /api/v1/organization/{orgname}/team/{teamname}/members

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
+

path

- 		+

teamname
required

- 		+

The name of the team

- 		+

string

-
Query parameters
TypeNameDescriptionSchema
+
Query parameters
TypeNameDescriptionSchema

query

- 		+

includePending
optional

- 		+

Whether to include pending members

- 		+

boolean

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -14138,95 +14138,95 @@ Invites an email address to an existing team.

PUT /api/v1/organization/{orgname}/team/{teamname}/invite/{email}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		  +  

string

-
+

path

- 		+

teamname
required

- 		  +  

string

-
+

path

- 		+

email
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -14234,95 +14234,95 @@ Delete an invite of an email address to join a team.

DELETE /api/v1/organization/{orgname}/team/{teamname}/invite/{email}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		  +  

string

-
+

path

- 		+

teamname
required

- 		  +  

string

-
+

path

- 		+

email
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -14330,117 +14330,117 @@ Update the org-wide permission for the specified team.

PUT /api/v1/organization/{orgname}/team/{teamname}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
+

path

- 		+

teamname
required

- 		+

The name of the team

- 		+

string

Request body schema (application/json)

Description of a team -

NameDescriptionSchema
+

NameDescriptionSchema

role
optional

- 		+

Org wide permissions that should apply to the team

- 		+

string

-
+

description
optional

- 		+

Markdown description for the team

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -14448,91 +14448,91 @@ Delete the specified team.

DELETE /api/v1/organization/{orgname}/team/{teamname}

Authorizations: oauth2_implicit (org:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

orgname
required

- 		+

The name of the organization

- 		+

string

-
+

path

- 		+

teamname
required

- 		+

The name of the team

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -14542,115 +14542,115 @@ Activate the specified build trigger.

POST /api/v1/repository/{repository}/trigger/{trigger_uuid}/activate

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
+

path

- 		+

trigger_uuid
required

- 		+

The UUID of the build trigger

- 		+

string

-
Request body schema (application/json)
NameDescriptionSchema
+
Request body schema (application/json)
NameDescriptionSchema

config
optional

- 		+

Arbitrary json.

- 		+

object

-
+

pull_robot
optional

- 		+

The name of the robot that will be used to pull images.

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -14658,107 +14658,107 @@ List the builds started by the specified trigger.

GET /api/v1/repository/{repository}/trigger/{trigger_uuid}/builds

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
+

path

- 		+

trigger_uuid
required

- 		+

The UUID of the build trigger

- 		+

string

-
Query parameters
TypeNameDescriptionSchema
+
Query parameters
TypeNameDescriptionSchema

query

- 		+

limit
optional

- 		+

The maximum number of builds to return

- 		+

integer

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -14766,125 +14766,125 @@ Manually start a build from the specified trigger.

POST /api/v1/repository/{repository}/trigger/{trigger_uuid}/start

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
+

path

- 		+

trigger_uuid
required

- 		+

The UUID of the build trigger

- 		+

string

Request body schema (application/json)

Optional run parameters for activating the build trigger -

NameDescriptionSchema
+

NameDescriptionSchema

branch_name
optional

- 		+

(SCM only) If specified, the name of the branch to build.

- 		+

string

-
+

commit_sha
optional

- 		+

(Custom Only) If specified, the ref/SHA1 used to checkout a git repository.

- 		+

string

-
+

refs
optional

- 		+

(SCM Only) If specified, the ref to build.

- 		 
Responses
HTTP CodeDescriptionSchema
+  
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -14892,91 +14892,91 @@ Get information for the specified build trigger.

GET /api/v1/repository/{repository}/trigger/{trigger_uuid}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
+

path

- 		+

trigger_uuid
required

- 		+

The UUID of the build trigger

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -14984,105 +14984,105 @@ Updates the specified build trigger.

PUT /api/v1/repository/{repository}/trigger/{trigger_uuid}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
+

path

- 		+

trigger_uuid
required

- 		+

The UUID of the build trigger

- 		+

string

Request body schema (application/json)

Options for updating a build trigger -

NameDescriptionSchema
+

NameDescriptionSchema

enabled
optional

- 		+

Whether the build trigger is enabled

- 		+

boolean

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -15090,91 +15090,91 @@ Delete the specified build trigger.

DELETE /api/v1/repository/{repository}/trigger/{trigger_uuid}

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
+

path

- 		+

trigger_uuid
required

- 		+

The UUID of the build trigger

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -15182,75 +15182,75 @@ List the triggers for the specified repository.

GET /api/v1/repository/{repository}/trigger/

Authorizations: oauth2_implicit (repo:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -15260,83 +15260,83 @@ Star a repository.

POST /api/v1/user/starred

Authorizations: oauth2_implicit (repo:read) -

Request body schema (application/json)
NameDescriptionSchema
+

Request body schema (application/json)
NameDescriptionSchema

namespace
optional

- 		+

Namespace in which the repository belongs

- 		+

string

-
+

repository
optional

- 		+

Repository name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

201

- 		+

Successful creation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -15344,75 +15344,75 @@ List all starred repositories.

GET /api/v1/user/starred

Authorizations: oauth2_implicit (user:admin) -

Query parameters
TypeNameDescriptionSchema
+

Query parameters
TypeNameDescriptionSchema

query

- 		+

next_page
optional

- 		+

The page token for the next page

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -15420,63 +15420,63 @@ Get user information for the authenticated user.

GET /api/v1/user/

Authorizations: oauth2_implicit (user:read) -

Responses
HTTP CodeDescriptionSchema
+

Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		+

UserView

-
+

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -15484,75 +15484,75 @@ Removes a star from a repository.

DELETE /api/v1/user/starred/{repository}

Authorizations: oauth2_implicit (user:admin) -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

repository
required

- 		+

The full path of the repository. e.g. namespace/name

- 		+

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

204

- 		+

Deleted

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

@@ -15560,371 +15560,371 @@ Get user information for the specified user.

GET /api/v1/users/{username}

Authorizations:  -

Path parameters
TypeNameDescriptionSchema
+

Path parameters
TypeNameDescriptionSchema

path

- 		+

username
required

- 		  +  

string

-
Responses
HTTP CodeDescriptionSchema
+
Responses
HTTP CodeDescriptionSchema

200

- 		+

Successful invocation

- 		 
+  

400

- 		+

Bad Request

- 		+

ApiError

-
+

401

- 		+

Session required

- 		+

ApiError

-
+

403

- 		+

Unauthorized access

- 		+

ApiError

-
+

404

- 		+

Not found

- 		+

ApiError

-

2.25. Definitions

2.25.1. ApiError

NameDescriptionSchema
+

2.25. Definitions

2.25.1. ApiError

NameDescriptionSchema

status
optional

- 		+

Status code of the response.

- 		+

integer

-
+

type
optional

- 		+

Reference to the type of the error.

- 		+

string

-
+

detail
optional

- 		+

Details about the specific instance of the error.

- 		+

string

-
+

title
optional

- 		+

Unique error code to identify the type of error.

- 		+

string

-
+

error_message
optional

- 		+

Deprecated; alias for detail

- 		+

string

-
+

error_type
optional

- 		+

Deprecated; alias for detail

- 		+

string

-

2.25.2. UserView

NameDescriptionSchema
+

2.25.2. UserView

NameDescriptionSchema

verified
optional

- 		+

Whether the user’s email address has been verified

- 		+

boolean

-
+

anonymous
optional

- 		+

true if this user data represents a guest user

- 		+

boolean

-
+

email
optional

- 		+

The user’s email address

- 		+

string

-
+

avatar
optional

- 		+

Avatar data representing the user’s icon

- 		+

object

-
+

organizations
optional

- 		+

Information about the organizations in which the user is a member

- 		+

array of object

-
+

logins
optional

- 		+

The list of external login providers against which the user has authenticated

- 		+

array of object

-
+

can_create_repo
optional

- 		+

Whether the user has permission to create repositories

- 		+

boolean

-
+

preferred_namespace
optional

- 		+

If true, the user’s namespace is the preferred namespace to display

- 		+

boolean

-

2.25.3. ViewMirrorConfig

NameDescriptionSchema
+

2.25.3. ViewMirrorConfig

NameDescriptionSchema

is_enabled
optional

- 		+

Used to enable or disable synchronizations.

- 		+

boolean

-
+

external_reference
optional

- 		+

Location of the external repository.

- 		+

string

-
+

external_registry_username
optional

- 		+

Username used to authenticate with external registry.

- 		 
+  

external_registry_password
optional

- 		+

Password used to authenticate with external registry.

- 		 
+  

sync_start_date
optional

- 		+

Determines the next time this repository is ready for synchronization.

- 		+

string

-
+

sync_interval
optional

- 		+

Number of seconds after next_start_date to begin synchronizing.

- 		+

integer

-
+

robot_username
optional

- 		+

Username of robot which will be used for image pushes.

- 		+

string

-
+

root_rule
optional

- 		+

A list of glob-patterns used to determine which tags should be synchronized.

- 		+

object

-
+

external_registry_config
optional

- 		  +  

object

-

2.25.4. ApiErrorDescription

NameDescriptionSchema
+

2.25.4. ApiErrorDescription

NameDescriptionSchema

type
optional

- 		+

A reference to the error type resource

- 		+

string

-
+

title
optional

- 		+

The title of the error. Can be used to uniquely identify the kind of error.

- 		+

string

-
+

description
optional

- 		+

A more detailed description of the error that may include help for fixing the issue.

- 		+

string

@@ -15946,7 +15946,7 @@ }, }

3.2. rule_rule object reference

    {
             "root_rule": {"rule_kind": "tag_glob_csv", "rule_value": ["latest", "foo", "bar"]},
-        }

Legal Notice

+ }

Legal Notice

Copyright © 2023 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. diff --git a/master/architecture/index.html b/master/architecture/index.html index be11f0fe6..53d5aa4b4 100644 --- a/master/architecture/index.html +++ b/master/architecture/index.html @@ -1,6 +1,6 @@ -Red Hat Quay architecture
Red Hat Quay 3.9

Red Hat Quay architecture

Red Hat Quay Architecture

Red Hat OpenShift Documentation Team

Abstract

+Red Hat Quay architecture
Red Hat Quay 3.9

Red Hat Quay architecture

Red Hat Quay Architecture

Red Hat OpenShift Documentation Team

Abstract

Red Hat Quay Architecture

Chapter 1. Red Hat Quay overview

Red Hat Quay is a distributed and highly available container image registry for your enterprise. @@ -430,99 +430,99 @@ Automatic synchronization or mirroring of selected (allowlisted) upstream repositories from external registries into a local Red Hat Quay deployment

Note

Repository mirroring and geo-replication can be used simultaneously. -

Table 6.1. Red Hat Quay Repository mirroring and geo-replication comparison

Feature / CapabilityGeo-replicationRepository mirroring
+

Table 6.1. Red Hat Quay Repository mirroring and geo-replication comparison

Feature / CapabilityGeo-replicationRepository mirroring

What is the feature designed to do?

- 		+

A shared, global registry

- 		+

Distinct, different registries

-
+

What happens if replication or mirroring has not been completed yet?

- 		+

The remote copy is used (slower)

- 		+

No image is served

-
+

Is access to all storage backends in both regions required?

- 		+

Yes (all Red Hat Quay nodes)

- 		+

No (distinct storage)

-
+

Can users push images from both sites to the same repository?

- 		+

Yes

- 		+

No

-
+

Is all registry content and configuration identical across all regions (shared database)?

- 		+

Yes

- 		+

No

-
+

Can users select individual namespaces or repositories to be mirrored?

- 		+

No

- 		+

Yes

-
+

Can users apply filters to synchronization rules?

- 		+

No

- 		+

Yes

-
+

Are individual / different role-base access control configurations allowed in each region

- 		+

No

- 		+

Yes

@@ -560,143 +560,143 @@ Stateless components of Red Hat Quay can be scaled out, but this will cause a heavier load on stateful backend services.

7.1. Red Hat Quay sample sizings

The following table shows approximate sizing for Proof of Concept, mid-size, and high-end deployments. Whether a deployment runs appropriately with the same metrics depends on many factors not shown below. -

MetricProof of conceptMid-sizeHigh End
(Quay.io)
+

MetricProof of conceptMid-sizeHigh End
(Quay.io)

No. of Quay containers by default

- 		+

1

- 		+

4

- 		+

15

-
+

No. of Quay containers max at scale-out

- 		+

N/A

- 		+

8

- 		+

30

-
+

No. of Clair containers by default

- 		+

1

- 		+

3

- 		+

10

-
+

No. of Clair containers max at scale-out

- 		+

N/A

- 		+

6

- 		+

15

-
+

No. of mirroring pods (to mirror 100 repositories)

- 		+

1

- 		+

5-10

- 		+

N/A

-
+

Database sizing

- 		+

2 -4 Cores
6-8 GB RAM
10-20 GB disk

- 		+

4-8 Cores
6-32 GB RAM
100 GB - 1 TB disk

- 		+

32 cores
244 GB
1+ TB disk

-
+

Object storage backend sizing

- 		+

10-100 GB

- 		+

1 - 20 TB

- 		+

50+ TB up to PB

-
+

Redis cache sizing

- 		  +  

2 Cores
2-4 GB RAM

- 		+

4 cores
28 GB RAM

-
+

Underlying node sizing
(physical or virtual)

- 		+

4 Cores
8 GB RAM

- 		+

4-6 Cores
12-16 GB RAM

- 		+

Quay:
13 cores
56GB RAM

Clair:
2 cores
4 GB RAM

@@ -732,7 +732,7 @@ Red Hat Quay can be used as an external registry in front of multiple OpenShift Container Platform clusters with their internal registries.

Red Hat Quay can also be used in place of the internal registry when it comes to automating builds and deployment rollouts. The required coordination of Secrets and ImageStreams is automated by the Quay Bridge Operator, which can be launched from the OperatorHub for OpenShift Container Platform. -

Legal Notice

+

Legal Notice

Copyright © 2023 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. diff --git a/master/config_quay/index.html b/master/config_quay/index.html index 03d80d852..66451e34b 100644 --- a/master/config_quay/index.html +++ b/master/config_quay/index.html @@ -1,6 +1,6 @@ -Configure Red Hat Quay
Red Hat Quay 3.9

Configure Red Hat Quay

Customizing Red Hat Quay using configuration options

Red Hat OpenShift Documentation Team

Abstract

+Configure Red Hat Quay
Red Hat Quay 3.9

Configure Red Hat Quay

Customizing Red Hat Quay using configuration options

Red Hat OpenShift Documentation Team

Abstract

Configure Red Hat Quay

Chapter 1. Getting started with Red Hat Quay configuration

Red Hat Quay can be deployed by an independent, standalone configuration, or by using the OpenShift Container Platform Red Hat Quay Operator. @@ -24,15 +24,15 @@ The following sections detail new configuration fields added in Red Hat Quay 3.9.

2.1.1. Addition of Splunk action logs

With Red Hat Quay 3.9, Splunk can be configured under the LOGS_MODEL parameter. -

Table 2.1. Splunk configuration fields

FieldTypeDescription
+

Table 2.1. Splunk configuration fields

FieldTypeDescription

LOGS_MODEL

- 		+

String

- 		+

Enable or disable the security scanner

Values: One of database, transition_reads_both_writes_es, elasticsearch, splunk
Default: database

@@ -75,101 +75,101 @@ ---

2.1.2. Quota management configuration fields

The following configuration fields have been added to enhance the Red Hat Quay quota management feature. -

Table 2.2. Red Hat Quay 3.9 configuration fields

FieldTypeDescription
+

Table 2.2. Red Hat Quay 3.9 configuration fields

FieldTypeDescription

QUOTA_BACKFILL

- 		+

Boolean

- 		+

Enables the quota backfill worker to calculate the size of pre-existing blobs.

Default: True

-
+

QUOTA_TOTAL_DELAY_SECONDS

- 		+

String

- 		+

The time delay for starting the quota backfill. Rolling deployments can cause incorrect totals. This field must be set to a time longer than it takes for the rolling deployment to complete.

Default: 1800

-
+

PERMANENTLY_DELETE_TAGS

- 		+

Boolean

- 		+

Enables functionality related to the removal of tags from the time machine window.

Default: False

-
+

RESET_CHILD_MANIFEST_EXPIRATION

- 		+

Boolean

- 		+

Resets the expirations of temporary tags targeting the child manifests. With this feature set to True, child manifests are immediately garbage collected.

Default: False

2.1.3. Possible quota management configuration settings

The following table explains possible quota management configuration settings in Red Hat Quay 3.9. -

Table 2.3. Quota management configuration options

FEATURE_QUOTA_MANAGEMENTQUOTA_BACKFILLOUTCOME
+

Table 2.3. Quota management configuration options

FEATURE_QUOTA_MANAGEMENTQUOTA_BACKFILLOUTCOME

true

- 		+

true

- 		+

With these features configured as true, quota management is enabled and working for Red Hat Quay 3.9. For more information about configuring quota management for Red Hat Quay 3.9, see "Quota management for Red Hat Quay 3.9".

-
+

true

- 		+

false

- 		+

With FEATURE_QUOTA_MANAGEMENT set to true, and QUOTA_BACKFILL set to false, the quota management feature has been enabled. However, pre-existing images from a prior (N-1) y-stream version of Red Hat Quay (for example, 3.8), must be backfilled before quota calculation can continue. To backfill image sizes, set QUOTA_BACKFILL to true.

-
+

false

- 		+

false

- 		+

With these features configured as false, the quota management feature is disabled.

-
+

false

- 		+

true

- 		+

With FEATURE_QUOTA_MANAGEMENT set to false, and QUOTA_BACKFILL set to true, the quota management feature is disabled.

@@ -344,75 +344,75 @@ Legacy options

3.4. General required fields

The following table describes the required configuration fields for a Red Hat Quay deployment: -

Table 3.1. General required fields

FieldTypeDescription
+

Table 3.1. General required fields

FieldTypeDescription

AUTHENTICATION_TYPE
(Required)

- 		+

String

- 		+

The authentication engine to use for credential authentication.

Values:
One of Database, LDAP, JWT, Keystone, OIDC

Default: Database

-
+

PREFERRED_URL_SCHEME
(Required)

- 		+

String

- 		+

The URL scheme to use when accessing Red Hat Quay.

Values:
One of http, https

Default: http

-
+

SERVER_HOSTNAME
(Required)

- 		+

String

- 		+

The URL at which Red Hat Quay is accessible, without the scheme.

Example:
quay-server.example.com

-
+

DATABASE_SECRET_KEY
(Required)

- 		+

String

- 		+

Key used to encrypt sensitive fields within the database. This value should never be changed once set, otherwise all reliant fields, for example, repository mirror username and password configurations, are invalidated.

-
+

SECRET_KEY
(Required)

- 		+

String

- 		+

Key used to encrypt sensitive fields within the database and at run time. This value should never be changed once set, otherwise all reliant fields, for example, encrypted password credentials, are invalidated.

-
+

SETUP_COMPLETE
(Required)

- 		+

Boolean

- 		+

This is an artefact left over from earlier versions of the software and currently it must be specified with a value of true.

@@ -422,15 +422,15 @@ With Red Hat Quay, connection to the database is configured by using the required DB_URI field.

The following table describes the DB_URI configuration field: -

Table 3.2. Database URI

FieldTypeDescription
+

Table 3.2. Database URI

FieldTypeDescription

DB_URI
(Required)

- 		+

String

- 		+

The URI for accessing the database, including any credentials.

@@ -444,39 +444,39 @@ Optional connection arguments are configured by the DB_CONNECTION_ARGS parameter. Some of the key-value pairs defined under DB_CONNECTION_ARGS are generic, while others are database specific.

The following table describes database connection arguments: -

Table 3.3. Database connection arguments

FieldTypeDescription
+

Table 3.3. Database connection arguments

FieldTypeDescription

DB_CONNECTION_ARGS

- 		+

Object

- 		+

Optional connection arguments for the database, such as timeouts and SSL/TLS.

-
+

.autorollback

- 		+

Boolean

- 		+

Whether to use thread-local connections.
Should always be true

-
+

.threadlocals

- 		+

Boolean

- 		+

Whether to use auto-rollback connections.
Should always be true

@@ -486,51 +486,51 @@ sslmode: verify-ca sslrootcert: /path/to/cacert

The sslmode option determines whether, or with, what priority a secure SSL/TLS TCP/IP connection will be negotiated with the server. There are six modes: -

Table 3.4. SSL/TLS options

ModeDescription
+

Table 3.4. SSL/TLS options

ModeDescription

disable

- 		+

Your configuration only tries non-SSL/TLS connections.

-
+

allow

- 		+

Your configuration first tries a non-SSL/TLS connection. Upon failure, tries an SSL/TLS connection.

-
+

prefer
(Default)

- 		+

Your configuration first tries an SSL/TLS connection. Upon failure, tries a non-SSL/TLS connection.

-
+

require

- 		+

Your configuration only tries an SSL/TLS connection. If a root CA file is present, it verifies the certificate in the same way as if verify-ca was specified.

-
+

verify-ca

- 		+

Your configuration only tries an SSL/TLS connection, and verifies that the server certificate is issued by a trusted certificate authority (CA).

-
+

verify-full

- 		+

Only tries an SSL/TLS connection, and verifies that the server certificate is issued by a trusted CA and that the requested server hostname matches that in the certificate.

@@ -546,89 +546,89 @@ This section details the image storage features and configuration fields that are available with Red Hat Quay.

3.6.1. Image storage features

The following table describes the image storage features for Red Hat Quay: -

Table 3.5. Storage config features

FieldTypeDescription
+

Table 3.5. Storage config features

FieldTypeDescription

FEATURE_REPO_MIRROR

- 		+

Boolean

- 		+

If set to true, enables repository mirroring.

Default: false

-
+

FEATURE_PROXY_STORAGE

- 		+

Boolean

- 		+

Whether to proxy all direct download URLs in storage through NGINX.

Default: false

-
+

FEATURE_STORAGE_REPLICATION

- 		+

Boolean

- 		+

Whether to automatically replicate between storage engines.

Default: false

3.6.2. Image storage configuration fields

The following table describes the image storage configuration fields for Red Hat Quay: -

Table 3.6. Storage config fields

FieldTypeDescription
+

Table 3.6. Storage config fields

FieldTypeDescription

DISTRIBUTED_STORAGE_CONFIG
(Required)

- 		+

Object

- 		+

Configuration for storage engine(s) to use in Red Hat Quay. Each key represents an unique identifier for a storage engine. The value consists of a tuple of (key, value) forming an object describing the storage engine parameters.

Default: []

-
+

DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS
(Required)

- 		+

Array of string

- 		+

The list of storage engine(s) (by ID in DISTRIBUTED_STORAGE_CONFIG) whose images should be fully replicated, by default, to all other storage engines.

-
+

DISTRIBUTED_STORAGE_PREFERENCE
(Required)

- 		+

Array of string

- 		+

The preferred storage engine(s) (by ID in DISTRIBUTED_STORAGE_CONFIG) to use. A preferred engine means it is first checked for pulling and images are pushed to it.

Default: false

-
+

MAXIMUM_LAYER_SIZE

- 		+

String

- 		+

Maximum allowed size of an image layer.

Pattern: ^[0-9]+(G|M)$

Example: 100G

Default: 20G

@@ -737,197 +737,197 @@ This section details the configuration fields available for Redis deployments.

3.7.1. Build logs

The following build logs configuration fields are available for Redis deployments: -

Table 3.7. Build logs configuration

FieldTypeDescription
+

Table 3.7. Build logs configuration

FieldTypeDescription

BUILDLOGS_REDIS
(Required)

- 		+

Object

- 		+

Redis connection details for build logs caching.

-
+

.host
(Required)

- 		+

String

- 		+

The hostname at which Redis is accessible.
Example:
quay-server.example.com

-
+

.port
(Required)

- 		+

Number

- 		+

The port at which Redis is accessible.
Example:
6379

-
+

.password

- 		+

String

- 		+

The password to connect to the Redis instance.
Example:
strongpassword

-
+

.ssl
(Optional)

- 		+

Boolean

- 		+

Whether to enable TLS communication between Redis and Quay. Defaults to false.

3.7.2. User events

The following user event fields are available for Redis deployments: -

Table 3.8. User events config

FieldTypeDescription
+

Table 3.8. User events config

FieldTypeDescription

USER_EVENTS_REDIS
(Required)

- 		+

Object

- 		+

Redis connection details for user event handling.

-
+

.host
(Required)

- 		+

String

- 		+

The hostname at which Redis is accessible.
Example:
quay-server.example.com

-
+

.port
(Required)

- 		+

Number

- 		+

The port at which Redis is accessible.
Example:
6379

-
+

.password

- 		+

String

- 		+

The password to connect to the Redis instance.
Example:
strongpassword

-
+

.ssl

- 		+

Boolean

- 		+

Whether to enable TLS communication between Redis and Quay. Defaults to false.

-
+

.ssl_keyfile
(Optional)

- 		+

String

- 		+

The name of the key database file, which houses the client certificate to be used.
Example:
ssl_keyfile: /path/to/server/privatekey.pem

-
+

.ssl_certfile
(Optional)

- 		+

String

- 		+

Used for specifying the file path of the SSL certificate.
Example:
ssl_certfile: /path/to/server/certificate.pem

-
+

.ssl_cert_reqs
(Optional)

- 		+

String

- 		+

Used to specify the level of certificate validation to be performed during the SSL/TLS handshake.
Example:
ssl_cert_reqs: CERT_REQUIRED

-
+

.ssl_ca_certs
(Optional)

- 		+

String

- 		+

Used to specify the path to a file containing a list of trusted Certificate Authority (CA) certificates.
Example:
ssl_ca_certs: /path/to/ca_certs.pem

-
+

.ssl_ca_data
(Optional)

- 		+

String

- 		+

Used to specify a string containing the trusted CA certificates in PEM format.
Example:
ssl_ca_data: <certificate>

-
+

.ssl_check_hostname
(Optional)

- 		+

Boolean

- 		+

Used when setting up an SSL/TLS connection to a server. It specifies whether the client should check that the hostname in the server’s SSL/TLS certificate matches the hostname of the server it is connecting to.
Example:
ssl_check_hostname: true

@@ -978,51 +978,51 @@ skip_full_coverage_check: <true | false> ssl: <true | false >

3.9. Tag expiration configuration fields

The following tag expiration configuration fields are available with Red Hat Quay: -

Table 3.9. Tag expiration configuration fields

FieldTypeDescription
+

Table 3.9. Tag expiration configuration fields

FieldTypeDescription

FEATURE_GARBAGE_COLLECTION

- 		+

Boolean

- 		+

Whether garbage collection of repositories is enabled.

Default: True

-
+

TAG_EXPIRATION_OPTIONS
(Required)

- 		+

Array of string

- 		+

If enabled, the options that users can select for expiration of tags in their namespace.

Pattern:
^[0-9]+(w|m|d|h|s)$

-
+

DEFAULT_TAG_EXPIRATION
(Required)

- 		+

String

- 		+

The default, configurable tag expiration time for time machine.

Pattern:
^[0-9]+(w|m|d|h|s)$
Default: 2w

-
+

FEATURE_CHANGE_TAG_EXPIRATION

- 		+

Boolean

- 		+

Whether users and organizations are allowed to change the tag expiration for tags in their namespace.

Default: True

@@ -1034,89 +1034,89 @@ - 1d - 1w - 2w - - 4w

3.10. Quota management configuration fields

Table 3.10. Quota management configuration

FieldTypeDescription
+ - 4w

3.10. Quota management configuration fields

Table 3.10. Quota management configuration

FieldTypeDescription

FEATURE_QUOTA_MANAGEMENT

- 		+

Boolean

- 		+

Enables configuration, caching, and validation for quota management feature. 

**Default:** `False`
-
+

DEFAULT_SYSTEM_REJECT_QUOTA_BYTES

- 		+

String

- 		+

Enables system default quota reject byte allowance for all organizations.

By default, no limit is set.

-
+

QUOTA_BACKFILL

- 		+

Boolean

- 		+

Enables the quota backfill worker to calculate the size of pre-existing blobs.

Default: True

-
+

QUOTA_TOTAL_DELAY_SECONDS

- 		+

String

- 		+

The time delay for starting the quota backfill. Rolling deployments can cause incorrect totals. This field must be set to a time longer than it takes for the rolling deployment to complete.

Default: 1800

-
+

PERMANENTLY_DELETE_TAGS

- 		+

Boolean

- 		+

Enables functionality related to the removal of tags from the time machine window.

Default: False

-
+

RESET_CHILD_MANIFEST_EXPIRATION

- 		+

Boolean

- 		+

Resets the expirations of temporary tags targeting the child manifests. With this feature set to True, child manifests are immediately garbage collected.

@@ -1132,15 +1132,15 @@ PERMANENTLY_DELETE_TAGS: true QUOTA_TOTAL_DELAY_SECONDS: 1800 RESET_CHILD_MANIFEST_EXPIRATION: true -

3.11. Proxy cache configuration fields

Table 3.11. Proxy configuration

FieldTypeDescription
+

3.11. Proxy cache configuration fields

Table 3.11. Proxy configuration

FieldTypeDescription

FEATURE_PROXY_CACHE

- 		+

Boolean

- 		+

Enables Red Hat Quay to act as a pull through cache for upstream registries.

@@ -1329,150 +1329,150 @@ "invoice_email_address": null, "tag_expiration_s": 1209600, "is_free_account": true -}

3.13. Basic configuration fields

Table 3.12. Basic configuration

FieldTypeDescription
+}

3.13. Basic configuration fields

Table 3.12. Basic configuration

FieldTypeDescription

REGISTRY_TITLE

- 		+

String

- 		+

If specified, the long-form title for the registry. Displayed in frontend of your Red Hat Quay deployment, for example, at the sign in page of your organization. Should not exceed 35 characters.
Default:
Red Hat Quay

-
+

REGISTRY_TITLE_SHORT

- 		+

String

- 		+

If specified, the short-form title for the registry. Title is displayed on various pages of your organization, for example, as the title of the tutorial on your organization’s Tutorial page.
Default:
Red Hat Quay

-
+

CONTACT_INFO

- 		+

Array of String

- 		+

If specified, contact information to display on the contact page. If only a single piece of contact information is specified, the contact footer will link directly.

-
+

[0]

- 		+

String

- 		+

Adds a link to send an e-mail.

Pattern:
^mailto:(.)+$
Example:
mailto:support@quay.io

-
+

[1]

- 		+

String

- 		+

Adds a link to visit an IRC chat room.

Pattern:
^irc://(.)+$
Example:
irc://chat.freenode.net:6665/quay

-
+

[2]

- 		+

String

- 		+

Adds a link to call a phone number.+
Pattern:
^tel:(.)+$
Example:
tel:+1-888-930-3475

-
+

[3]

- 		+

String

- 		+

Adds a link to a defined URL.

Pattern:
^http(s)?://(.)+$
Example:
https://twitter.com/quayio

-

3.14. SSL configuration fields

Table 3.13. SSL configuration

FieldTypeDescription
+

3.14. SSL configuration fields

Table 3.13. SSL configuration

FieldTypeDescription

PREFERRED_URL_SCHEME

- 		+

String

- 		+

One of http or https. Note that users only set their PREFERRED_URL_SCHEME to http when there is no TLS encryption in the communication path from the client to Quay.

+ Users must set their PREFERRED_URL_SCHEME`to `https when using a TLS-terminating load balancer, a reverse proxy (for example, Nginx), or when using Quay with custom SSL certificates directly. In most cases, the PREFERRED_URL_SCHEME should be https.
Default: http

-
+

SERVER_HOSTNAME
(Required)

- 		+

String

- 		+

The URL at which Red Hat Quay is accessible, without the scheme

Example:
quay-server.example.com

-
+

SSL_CIPHERS

- 		+

Array of String

- 		+

If specified, the nginx-defined list of SSL ciphers to enabled and disabled

Example:
[CAMELLIA, !3DES]

-
+

SSL_PROTOCOLS

- 		+

Array of String

- 		+

If specified, nginx is configured to enabled a list of SSL protocols defined in the list. Removing an SSL protocol from the list disables the protocol during Red Hat Quay startup.

Example:
['TLSv1','TLSv1.1','TLSv1.2', `TLSv1.3]`

-
+

SESSION_COOKIE_SECURE

- 		+

Boolean

- 		+

Whether the secure property should be set on session cookies

Default:
False

Recommendation:
Set to True for all installations using SSL

@@ -1516,171 +1516,171 @@ Examine the certificate copied into the container namespace: 

$ sudo podman exec -it 5a3e82c4a75f cat /etc/ssl/certs/storage.pem
 -----BEGIN CERTIFICATE-----
-MIIDTTCCAjWgAwIBAgIJAMVr9ngjJhzbMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNV

3.16. LDAP configuration fields

Table 3.14. LDAP configuration

FieldTypeDescription
+MIIDTTCCAjWgAwIBAgIJAMVr9ngjJhzbMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNV

3.16. LDAP configuration fields

Table 3.14. LDAP configuration

FieldTypeDescription

AUTHENTICATION_TYPE
(Required)

- 		+

String

- 		+

Must be set to LDAP.

-
+

FEATURE_TEAM_SYNCING

- 		+

Boolean

- 		+

Whether to allow for team membership to be synced from a backing group in the authentication engine (LDAP or Keystone).

Default: true

-
+

FEATURE_NONSUPERUSER_TEAM_SYNCING_SETUP

- 		+

Boolean

- 		+

If enabled, non-superusers can setup syncing on teams using LDAP.

Default: false

-
+

LDAP_ADMIN_DN

- 		+

String

- 		+

The admin DN for LDAP authentication.

-
+

LDAP_ADMIN_PASSWD

- 		+

String

- 		+

The admin password for LDAP authentication.

-
+

LDAP_ALLOW_INSECURE_FALLBACK

- 		+

Boolean

- 		+

Whether or not to allow SSL insecure fallback for LDAP authentication.

-
+

LDAP_BASE_DN

- 		+

Array of String

- 		+

The base DN for LDAP authentication.

-
+

LDAP_EMAIL_ATTR

- 		+

String

- 		+

The email attribute for LDAP authentication.

-
+

LDAP_UID_ATTR

- 		+

String

- 		+

The uid attribute for LDAP authentication.

-
+

LDAP_URI

- 		+

String

- 		+

The LDAP URI.

-
+

LDAP_USER_FILTER

- 		+

String

- 		+

The user filter for LDAP authentication.

-
+

LDAP_USER_RDN

- 		+

Array of String

- 		+

The user RDN for LDAP authentication.

-
+

TEAM_RESYNC_STALE_TIME

- 		+

String

- 		+

If team syncing is enabled for a team, how often to check its membership and resync if necessary.

Pattern:
^[0-9]+(w|m|d|h|s)$
Example:
2h
Default:
30m

-
+

LDAP_SUPERUSER_FILTER

- 		+

String

- 		+

Subset of the LDAP_USER_FILTER configuration field. When configured, allows Red Hat Quay administrators the ability to configure Lightweight Directory Access Protocol (LDAP) users as superusers when Red Hat Quay uses LDAP as its authentication provider.

@@ -1690,45 +1690,45 @@

This field requires that your AUTHENTICATION_TYPE is set to LDAP.

-
+

LDAP_RESTRICTED_USER_FILTER

- 		+

String

- 		+

Subset of the LDAP_USER_FILTER configuration field. When configured, allows Red Hat Quay administrators the ability to configure Lightweight Directory Access Protocol (LDAP) users as restricted users when Red Hat Quay uses LDAP as its authentication provider.

This field requires that your AUTHENTICATION_TYPE is set to LDAP.

-
+

LDAP_TIMEOUT

- 		+

Integer

- 		+

Determines the maximum time period. in seconds, allowed for establishing a connection to the Lightweight Directory Access Protocol (LDAP) server.

+ Default: 10

-
+

LDAP_NETWORK_TIMEOUT

- 		+

Integer

- 		+

Defines the maximum time duration, in seconds, that Red Hat Quay waits for a response from the Lightweight Directory Access Protocol (LDAP) server during network operations.

@@ -1794,165 +1794,165 @@ - ou=<example_organization_unit> - o=<organization_id> - dc=<example_domain_component> - - dc=com

3.17. Mirroring configuration fields

Table 3.15. Mirroring configuration

FieldTypeDescription
+ - dc=com

3.17. Mirroring configuration fields

Table 3.15. Mirroring configuration

FieldTypeDescription

FEATURE_REPO_MIRROR

- 		+

Boolean

- 		+

Enable or disable repository mirroring

Default: false

-
+

REPO_MIRROR_INTERVAL

- 		+

Number

- 		+

The number of seconds between checking for repository mirror candidates

Default: 30

-
+

REPO_MIRROR_SERVER_HOSTNAME

- 		+

String

- 		+

Replaces the SERVER_HOSTNAME as the destination for mirroring.

Default: None

Example:
openshift-quay-service

-
+

REPO_MIRROR_TLS_VERIFY

- 		+

Boolean

- 		+

Require HTTPS and verify certificates of Quay registry during mirror.

Default: false

-
+

REPO_MIRROR_ROLLBACK

- 		+

Boolean

- 		+

When set to true, the repository rolls back after a failed mirror attempt.

Default: false

-

3.18. Security scanner configuration fields

Table 3.16. Security scanner configuration

FieldTypeDescription
+

3.18. Security scanner configuration fields

Table 3.16. Security scanner configuration

FieldTypeDescription

FEATURE_SECURITY_SCANNER

- 		+

Boolean

- 		+

Enable or disable the security scanner

Default: false

-
+

FEATURE_SECURITY_NOTIFICATIONS

- 		+

Boolean

- 		+

If the security scanner is enabled, turn on or turn off security notifications

Default: false

-
+

SECURITY_SCANNER_V4_REINDEX_THRESHOLD

- 		+

String

- 		+

This parameter is used to determine the minimum time, in seconds, to wait before re-indexing a manifest that has either previously failed or has changed states since the last indexing. The data is calculated from the last_indexed datetime in the manifestsecuritystatus table. This parameter is used to avoid trying to re-index every failed manifest on every indexing run. The default time to re-index is 300 seconds.

-
+

SECURITY_SCANNER_V4_ENDPOINT

- 		+

String

- 		+

The endpoint for the V4 security scanner

Pattern:
^http(s)?://(.)+$

Example:
http://192.168.99.101:6060

-
+

SECURITY_SCANNER_V4_PSK

- 		+

String

- 		+

The generated pre-shared key (PSK) for Clair

-
+

SECURITY_SCANNER_ENDPOINT

- 		+

String

- 		+

The endpoint for the V2 security scanner

Pattern:
^http(s)?://(.)+$

Example:
http://192.168.99.100:6060

-
+

SECURITY_SCANNER_INDEXING_INTERVAL

- 		+

Integer

- 		+

This parameter is used to determine the number of seconds between indexing intervals in the security scanner. When indexing is triggered, Red Hat Quay will query its database for manifests that must be indexed by Clair. These include manifests that have not yet been indexed and manifests that previously failed indexing.

+ Default: 30

-
+

FEATURE_SECURITY_SCANNER_NOTIFY_ON_NEW_INDEX

- 		+

Boolean

- 		+

Whether to allow sending notifications about vulnerabilities for new pushes.

@@ -1978,101 +1978,101 @@ SECURITY_SCANNER_V4_PSK: MTU5YzA4Y2ZkNzJoMQ== SERVER_HOSTNAME: quay-server.example.com ... -

3.19. Helm configuration fields

Table 3.17. Helm configuration fields

FieldTypeDescription
+

3.19. Helm configuration fields

Table 3.17. Helm configuration fields

FieldTypeDescription

FEATURE_GENERAL_OCI_SUPPORT

- 		+

Boolean

- 		+

Enable support for OCI artifacts.

Default: True

The following Open Container Initiative (OCI) artifact types are built into Red Hat Quay by default and are enabled through the FEATURE_GENERAL_OCI_SUPPORT configuration field: -

FieldMedia TypeSupported content types
+

FieldMedia TypeSupported content types

Helm

- 		+

application/vnd.cncf.helm.config.v1+json

- 		+

application/tar+gzip, application/vnd.cncf.helm.chart.content.v1.tar+gzip

-
+

Cosign

- 		+

application/vnd.oci.image.config.v1+json

- 		+

application/vnd.dev.cosign.simplesigning.v1+json, application/vnd.dsse.envelope.v1+json

-
+

SPDX

- 		+

application/vnd.oci.image.config.v1+json

- 		+

text/spdx, text/spdx+xml, text/spdx+json

-
+

Syft

- 		+

application/vnd.oci.image.config.v1+json

- 		+

application/vnd.syft+json

-
+

CycloneDX

- 		+

application/vnd.oci.image.config.v1+json

- 		+

application/vnd.cyclonedx, application/vnd.cyclonedx+xml, application/vnd.cyclonedx+json

-
+

In-toto

- 		+

application/vnd.oci.image.config.v1+json

- 		+

application/vnd.in-toto+json

-
+

Unknown

- 		+

application/vnd.cncf.openpolicyagent.policy.layer.v1+rego

- 		+

application/vnd.cncf.openpolicyagent.policy.layer.v1+rego, application/vnd.cncf.openpolicyagent.data.layer.v1+json

@@ -2081,15 +2081,15 @@

Helm YAML configuration

FEATURE_GENERAL_OCI_SUPPORT: true
-

3.20. Open Container Initiative configuration fields

Table 3.18. Additional OCI artifact configuration field

FieldTypeDescription
+

3.20. Open Container Initiative configuration fields

Table 3.18. Additional OCI artifact configuration field

FieldTypeDescription

ALLOWED_OCI_ARTIFACT_TYPES

- 		+

Object

- 		+

The set of allowed OCI artifact mimetypes and the associated layer types.

@@ -2121,15 +2121,15 @@ - application/vnd.sylabs.sif.layer.v1+tar

Note

When adding OCI artifact types that are not configured by default, Red Hat Quay administrators will also need to manually add support for cosign and Helm if desired. -

3.21. Unknown media types

Table 3.19. Unknown media types configuration field

FieldTypeDescription
+

3.21. Unknown media types

Table 3.19. Unknown media types configuration field

FieldTypeDescription

IGNORE_UNKNOWN_MEDIATYPES

- 		+

Boolean

- 		+

When enabled, allows a container registry platform to disregard specific restrictions on supported artifact types and accept any unrecognized or unknown media types.

@@ -2141,39 +2141,39 @@

Unknown media types YAML configuration

IGNORE_UNKNOWN_MEDIATYPES: true
-

3.22. Action log configuration fields

3.22.1. Action log storage configuration

Table 3.20. Action log storage configuration

FieldTypeDescription
+

3.22. Action log configuration fields

3.22.1. Action log storage configuration

Table 3.20. Action log storage configuration

FieldTypeDescription

FEATURE_LOG_EXPORT

- 		+

Boolean

- 		+

Whether to allow exporting of action logs

Default: True

-
+

LOGS_MODEL

- 		+

String

- 		+

Enable or disable the security scanner

Values: One of database, transition_reads_both_writes_es, elasticsearch, splunk
Default: database

-
+

LOGS_MODEL_CONFIG

- 		+

Object

- 		+

Logs model config for action logs

@@ -2279,794 +2279,794 @@ index_prefix [string]: Splunk’s index prefix.
  • ssl_ca_path [string]: The relative container path to a single .pem file containing a certificate authority (CA) for SSL validation. -

    • 3.22.2. Action log rotation and archiving configuration

    Table 3.21. Action log rotation and archiving configuration

    FieldTypeDescription
    +

    3.22.2. Action log rotation and archiving configuration

    Table 3.21. Action log rotation and archiving configuration

    FieldTypeDescription

    FEATURE_ACTION_LOG_ROTATION

    -     		+

    Boolean

    -     		+

    Enabling log rotation and archival will move all logs older than 30 days to storage

    Default: false

    -
    +

    ACTION_LOG_ARCHIVE_LOCATION

    -     		+

    String

    -     		+

    If action log archiving is enabled, the storage engine in which to place the archived data

    Example:: s3_us_east

    -
    +

    ACTION_LOG_ARCHIVE_PATH

    -     		+

    String

    -     		+

    If action log archiving is enabled, the path in storage in which to place the archived data

    Example: archives/actionlogs

    -
    +

    ACTION_LOG_ROTATION_THRESHOLD

    -     		+

    String

    -     		+

    The time interval after which to rotate logs

    Example: 30d

    -

    3.23. Build logs configuration fields

    Table 3.22. Build logs configuration fields

    FieldTypeDescription
    +

    3.23. Build logs configuration fields

    Table 3.22. Build logs configuration fields

    FieldTypeDescription

    FEATURE_READER_BUILD_LOGS

    -     		+

    Boolean

    -     		+

    If set to true, build logs may be read by those with read access to the repo, rather than only write access or admin access.

    Default: False

    -
    +

    LOG_ARCHIVE_LOCATION

    -     		+

    String

    -     		+

    The storage location, defined in DISTRIBUTED_STORAGE_CONFIG, in which to place the archived build logs

    Example: s3_us_east

    -
    +

    LOG_ARCHIVE_PATH

    -     		+

    String

    -     		+

    The path under the configured storage engine in which to place the archived build logs in JSON form

    Example: archives/buildlogs

    -

    3.24. Dockerfile build triggers fields

    Table 3.23. Dockerfile build support

    FieldTypeDescription
    +

    3.24. Dockerfile build triggers fields

    Table 3.23. Dockerfile build support

    FieldTypeDescription

    FEATURE_BUILD_SUPPORT

    -     		+

    Boolean

    -     		+

    Whether to support Dockerfile build.

    Default: False

    -
    +

    SUCCESSIVE_TRIGGER_FAILURE_DISABLE_THRESHOLD

    -     		+

    Number

    -     		+

    If not None, the number of successive failures that can occur before a build trigger is automatically disabled

    Default: 100

    -
    +

    SUCCESSIVE_TRIGGER_INTERNAL_ERROR_DISABLE_THRESHOLD

    -     		+

    Number

    -     		+

    If not None, the number of successive internal errors that can occur before a build trigger is automatically disabled

    Default: 5

    -

    3.24.1. GitHub build triggers

    Table 3.24. GitHub build triggers

    FieldTypeDescription
    +

    3.24.1. GitHub build triggers

    Table 3.24. GitHub build triggers

    FieldTypeDescription

    FEATURE_GITHUB_BUILD

    -     		+

    Boolean

    -     		+

    Whether to support GitHub build triggers

    Default: False

    -
    +

     

    -     		+

     

    -     		+

     

    -
    +

    GITHUB_TRIGGER_CONFIG

    -     		+

    Object

    -     		+

    Configuration for using GitHub (Enterprise) for build triggers

    -
    +

       .GITHUB_ENDPOINT
       (Required)

    -     		+

    String

    -     		+

    The endpoint for GitHub (Enterprise)

    Example: https://github.com/

    -
    +

       .API_ENDPOINT

    -     		+

    String

    -     		+

    The endpoint of the GitHub (Enterprise) API to use. Must be overridden for github.com

    Example: https://api.github.com/

    -
    +

       .CLIENT_ID
       (Required)

    -     		+

    String

    -     		+

    The registered client ID for this Red Hat Quay instance; this cannot be shared with GITHUB_LOGIN_CONFIG.

    -
    +

       .CLIENT_SECRET
       (Required)

    -     		+

    String

    -     		+

    The registered client secret for this Red Hat Quay instance.

    -

    3.24.2. BitBucket build triggers

    Table 3.25. BitBucket build triggers

    FieldTypeDescription
    +

    3.24.2. BitBucket build triggers

    Table 3.25. BitBucket build triggers

    FieldTypeDescription

    FEATURE_BITBUCKET_BUILD

    -     		+

    Boolean

    -     		+

    Whether to support Bitbucket build triggers

    Default: False

    -
    +

     

    -     		+

     

    -     		+

     

    -
    +

    BITBUCKET_TRIGGER_CONFIG

    -     		+

    Object

    -     		+

    Configuration for using BitBucket for build triggers

    -
    +

       .CONSUMER_KEY
       (Required)

    -     		+

    String

    -     		+

    The registered consumer key (client ID) for this Quay instance

    -
    +

       .CONSUMER_SECRET
       (Required)

    -     		+

    String

    -     		+

    The registered consumer secret (client secret) for this Quay instance

    -

    3.24.3. GitLab build triggers

    Table 3.26. GitLab build triggers

    FieldTypeDescription
    +

    3.24.3. GitLab build triggers

    Table 3.26. GitLab build triggers

    FieldTypeDescription

    FEATURE_GITLAB_BUILD

    -     		+

    Boolean

    -     		+

    Whether to support GitLab build triggers

    Default: False

    -
    +

     

    -     		+

     

    -     		+

     

    -
    +

    GITLAB_TRIGGER_CONFIG

    -     		+

    Object

    -     		+

    Configuration for using Gitlab for build triggers

    -
    +

       .GITLAB_ENDPOINT
       (Required)

    -     		+

    String

    -     		+

    The endpoint at which Gitlab (Enterprise) is running

    -
    +

       .CLIENT_ID
       (Required)

    -     		+

    String

    -     		+

    The registered client ID for this Quay instance

    -
    +

       .CLIENT_SECRET
       (Required)

    -     		+

    String

    -     		+

    The registered client secret for this Quay instance

    -

    3.25. OAuth configuration fields

    Table 3.27. OAuth fields

    FieldTypeDescription
    +

    3.25. OAuth configuration fields

    Table 3.27. OAuth fields

    FieldTypeDescription

    DIRECT_OAUTH_CLIENTID_WHITELIST

    -     		+

    Array of String

    -     		+

    A list of client IDs for Quay-managed applications that are allowed to perform direct OAuth approval without user approval.

    -

    3.25.1. GitHub OAuth configuration fields

    Table 3.28. GitHub OAuth fields

    FieldTypeDescription
    +

    3.25.1. GitHub OAuth configuration fields

    Table 3.28. GitHub OAuth fields

    FieldTypeDescription

    FEATURE_GITHUB_LOGIN

    -     		+

    Boolean

    -     		+

    Whether GitHub login is supported

    **Default: False

    -
    +

    GITHUB_LOGIN_CONFIG

    -     		+

    Object

    -     		+

    Configuration for using GitHub (Enterprise) as an external login provider.

    -
    +

       .ALLOWED_ORGANIZATIONS

    -     		+

    Array of String

    -     		+

    The names of the GitHub (Enterprise) organizations whitelisted to work with the ORG_RESTRICT option.

    -
    +

       .API_ENDPOINT

    -     		+

    String

    -     		+

    The endpoint of the GitHub (Enterprise) API to use. Must be overridden for github.com

    Example: https://api.github.com/

    -
    +

       .CLIENT_ID
       (Required)

    -     		+

    String

    -     		+

    The registered client ID for this Red Hat Quay instance; cannot be shared with GITHUB_TRIGGER_CONFIG

    Example: 0e8dbe15c4c7630b6780

    -
    +

       .CLIENT_SECRET
       (Required)

    -     		+

    String

    -     		+

    The registered client secret for this Red Hat Quay instance

    Example: e4a58ddd3d7408b7aec109e85564a0d153d3e846

    -
    +

       .GITHUB_ENDPOINT
       (Required)

    -     		+

    String

    -     		+

    The endpoint for GitHub (Enterprise)

    Example: https://github.com/

    -
    +

       .ORG_RESTRICT

    -     		+

    Boolean

    -     		+

    If true, only users within the organization whitelist can login using this provider.

    -

    3.25.2. Google OAuth configuration fields

    Table 3.29. Google OAuth fields

    FieldTypeDescription
    +

    3.25.2. Google OAuth configuration fields

    Table 3.29. Google OAuth fields

    FieldTypeDescription

    FEATURE_GOOGLE_LOGIN

    -     		+

    Boolean

    -     		+

    Whether Google login is supported

    **Default: False

    -
    +

    GOOGLE_LOGIN_CONFIG

    -     		+

    Object

    -     		+

    Configuration for using Google for external authentication

    -
    +

       .CLIENT_ID
       (Required)

    -     		+

    String

    -     		+

    The registered client ID for this Red Hat Quay instance

    Example: 0e8dbe15c4c7630b6780

    -
    +

       .CLIENT_SECRET
       (Required)

    -     		+

    String

    -     		+

    The registered client secret for this Red Hat Quay instance

    Example: e4a58ddd3d7408b7aec109e85564a0d153d3e846

    3.26. Nested repositories configuration fields

    Support for nested repository path names has been added under the FEATURE_EXTENDED_REPOSITORY_NAMES property. This optional configuration is added to the config.yaml by default. Enablement allows the use of / in repository names. -

    Table 3.30. OCI and nested repositories configuration fields

    FieldTypeDescription
    +

    Table 3.30. OCI and nested repositories configuration fields

    FieldTypeDescription

    FEATURE_EXTENDED_REPOSITORY_NAMES

    -     		+

    Boolean

    -     		+

    Enable support for nested repositories

    Default: True

    OCI and nested repositories configuration example

    FEATURE_EXTENDED_REPOSITORY_NAMES: true
    -

    3.27. Mail configuration fields

    Table 3.31. Mail configuration fields

    FieldTypeDescription
    +

    3.27. Mail configuration fields

    Table 3.31. Mail configuration fields

    FieldTypeDescription

    FEATURE_MAILING

    -     		+

    Boolean

    -     		+

    Whether emails are enabled

    Default: False

    -
    +

    MAIL_DEFAULT_SENDER

    -     		+

    String

    -     		+

    If specified, the e-mail address used as the from when Red Hat Quay sends e-mails. If none, defaults to support@quay.io

    Example: support@example.com

    -
    +

    MAIL_PASSWORD

    -     		+

    String

    -     		+

    The SMTP password to use when sending e-mails

    -
    +

    MAIL_PORT

    -     		+

    Number

    -     		+

    The SMTP port to use. If not specified, defaults to 587.

    -
    +

    MAIL_SERVER

    -     		+

    String

    -     		+

    The SMTP server to use for sending e-mails. Only required if FEATURE_MAILING is set to true.

    Example: smtp.example.com

    -
    +

    MAIL_USERNAME

    -     		+

    String

    -     		+

    The SMTP username to use when sending e-mails

    -
    +

    MAIL_USE_TLS

    -     		+

    Boolean

    -     		+

    If specified, whether to use TLS for sending e-mails

    Default: True

    -

    3.28. User configuration fields

    Table 3.32. User configuration fields

    FieldTypeDescription
    +

    3.28. User configuration fields

    Table 3.32. User configuration fields

    FieldTypeDescription

    FEATURE_SUPER_USERS

    -     		+

    Boolean

    -     		+

    Whether superusers are supported

    Default: true

    -
    +

    FEATURE_USER_CREATION

    -     		+

    Boolean

    -     		+

    Whether users can be created (by non-superusers)

    Default: true

    -
    +

    FEATURE_USER_LAST_ACCESSED

    -     		+

    Boolean

    -     		+

    Whether to record the last time a user was accessed

    Default: true

    -
    +

    FEATURE_USER_LOG_ACCESS

    -     		+

    Boolean

    -     		+

    If set to true, users will have access to audit logs for their namespace

    Default: false

    -
    +

    FEATURE_USER_METADATA

    -     		+

    Boolean

    -     		+

    Whether to collect and support user metadata

    Default: false

    -
    +

    FEATURE_USERNAME_CONFIRMATION

    -     		+

    Boolean

    -     		+

    If set to true, users can confirm and modify their initial usernames when logging in via OpenID Connect (OIDC) or a non-database internal authentication provider like LDAP.
    Default: true

    -
    +

    FEATURE_USER_RENAME

    -     		+

    Boolean

    -     		+

    If set to true, users can rename their own namespace

    Default: false

    -
    +

    FEATURE_INVITE_ONLY_USER_CREATION

    -     		+

    Boolean

    -     		+

    Whether users being created must be invited by another user

    Default: false

    -
    +

    FRESH_LOGIN_TIMEOUT

    -     		+

    String

    -     		+

    The time after which a fresh login requires users to re-enter their password

    Example: 5m

    -
    +

    USERFILES_LOCATION

    -     		+

    String

    -     		+

    ID of the storage engine in which to place user-uploaded files

    Example: s3_us_east

    -
    +

    USERFILES_PATH

    -     		+

    String

    -     		+

    Path under storage in which to place user-uploaded files

    Example: userfiles

    -
    +

    USER_RECOVERY_TOKEN_LIFETIME

    -     		+

    String

    -     		+

    The length of time a token for recovering a user accounts is valid

    Pattern: ^[0-9]+(w|m|d|h|s)$
    Default: 30m

    -
    +

    FEATURE_SUPERUSERS_FULL_ACCESS

    -     		+

    Boolean

    -     		+

    Grants superusers the ability to read, write, and delete content from other repositories in namespaces that they do not own or have explicit permissions for.

    Default: False

    -
    +

    FEATURE_RESTRICTED_USERS

    -     		+

    Boolean

    -     		+

    When set with RESTRICTED_USERS_WHITELIST, restricted users cannot create organizations or content in their own namespace. Normal permissions apply for an organization’s membership, for example, a restricted user will still have normal permissions in organizations based on the teams that they are members of.

    Default: False

    -
    +

    RESTRICTED_USERS_WHITELIST

    -     		+

    String

    -     		+

    When set with FEATURE_RESTRICTED_USERS: true, specific users are excluded from the FEATURE_RESTRICTED_USERS setting.

    -
    +

    GLOBAL_READONLY_SUPER_USERS

    -     		+

    String

    -     		+

    When set, grants users of this list read access to all repositories, regardless of whether they are public repositories.

    @@ -3095,644 +3095,644 @@ - user1 ---
    Note

    When this field is set, whitelisted users can create organizations, or read or write content from the repository even if FEATURE_RESTRICTED_USERS is set to true. Other users, for example, user2, user3, and user4 are restricted from creating organizations, reading, or writing content -

    3.29. Recaptcha configuration fields

    Table 3.33. Recaptcha configuration fields

    FieldTypeDescription
    +

    3.29. Recaptcha configuration fields

    Table 3.33. Recaptcha configuration fields

    FieldTypeDescription

    FEATURE_RECAPTCHA

    -     		+

    Boolean

    -     		+

    Whether Recaptcha is necessary for user login and recovery

    Default: False

    -
    +

    RECAPTCHA_SECRET_KEY

    -     		+

    String

    -     		+

    If recaptcha is enabled, the secret key for the Recaptcha service

    -
    +

    RECAPTCHA_SITE_KEY

    -     		+

    String

    -     		+

    If recaptcha is enabled, the site key for the Recaptcha service

    -

    3.30. ACI configuration fields

    Table 3.34. ACI configuration fields

    FieldTypeDescription
    +

    3.30. ACI configuration fields

    Table 3.34. ACI configuration fields

    FieldTypeDescription

    FEATURE_ACI_CONVERSION

    -     		+

    Boolean

    -     		+

    Whether to enable conversion to ACIs

    Default: False

    -
    +

    GPG2_PRIVATE_KEY_FILENAME

    -     		+

    String

    -     		+

    The filename of the private key used to decrypte ACIs

    -
    +

    GPG2_PRIVATE_KEY_NAME

    -     		+

    String

    -     		+

    The name of the private key used to sign ACIs

    -
    +

    GPG2_PUBLIC_KEY_FILENAME

    -     		+

    String

    -     		+

    The filename of the public key used to encrypt ACIs

    -

    3.31. JWT configuration fields

    Table 3.35. JWT configuration fields

    FieldTypeDescription
    +

    3.31. JWT configuration fields

    Table 3.35. JWT configuration fields

    FieldTypeDescription

    JWT_AUTH_ISSUER

    -     		+

    String

    -     		+

    The endpoint for JWT users

    Pattern: ^http(s)?://(.)+$
    Example: http://192.168.99.101:6060

    -
    +

    JWT_GETUSER_ENDPOINT

    -     		+

    String

    -     		+

    The endpoint for JWT users
    Pattern: ^http(s)?://(.)+$
    Example: http://192.168.99.101:6060

    -
    +

    JWT_QUERY_ENDPOINT

    -     		+

    String

    -     		+

    The endpoint for JWT queries

    Pattern: ^http(s)?://(.)+$
    Example: http://192.168.99.101:6060

    -
    +

    JWT_VERIFY_ENDPOINT

    -     		+

    String

    -     		+

    The endpoint for JWT verification

    Pattern: ^http(s)?://(.)+$
    Example: http://192.168.99.101:6060

    -

    3.32. App tokens configuration fields

    Table 3.36. App tokens configuration fields

    FieldTypeDescription
    +

    3.32. App tokens configuration fields

    Table 3.36. App tokens configuration fields

    FieldTypeDescription

    FEATURE_APP_SPECIFIC_TOKENS

    -     		+

    Boolean

    -     		+

    If enabled, users can create tokens for use by the Docker CLI

    Default: True

    -
    +

    APP_SPECIFIC_TOKEN_EXPIRATION

    -     		+

    String

    -     		+

    The expiration for external app tokens.

    Default None
    Pattern: ^[0-9]+(w|m|d|h|s)$

    -
    +

    EXPIRED_APP_SPECIFIC_TOKEN_GC

    -     		+

    String

    -     		+

    Duration of time expired external app tokens will remain before being garbage collected

    Default: 1d

    -

    3.33. Miscellaneous configuration fields

    Table 3.37. Miscellaneous configuration fields

    FieldTypeDescription
    +

    3.33. Miscellaneous configuration fields

    Table 3.37. Miscellaneous configuration fields

    FieldTypeDescription

    ALLOW_PULLS_WITHOUT_STRICT_LOGGING

    -     		+

    String

    -     		+

    If true, pulls will still succeed even if the pull audit log entry cannot be written . This is useful if the database is in a read-only state and it is desired for pulls to continue during that time.

    Default: False

    -
    +

    AVATAR_KIND

    -     		+

    String

    -     		+

    The types of avatars to display, either generated inline (local) or Gravatar (gravatar)

    Values: local, gravatar

    -
    +

    BROWSER_API_CALLS_XHR_ONLY

    -     		+

    Boolean

    -     		+

    If enabled, only API calls marked as being made by an XHR will be allowed from browsers

    Default: True

    -
    +

    DEFAULT_NAMESPACE_MAXIMUM_BUILD_COUNT

    -     		+

    Number

    -     		+

    The default maximum number of builds that can be queued in a namespace.

    Default: None

    -
    +

    ENABLE_HEALTH_DEBUG_SECRET

    -     		+

    String

    -     		+

    If specified, a secret that can be given to health endpoints to see full debug info when not authenticated as a superuser

    -
    +

    EXTERNAL_TLS_TERMINATION

    -     		+

    Boolean

    -     		+

    Set to true if TLS is supported, but terminated at a layer before Quay. Set to false when Quay is running with its own SSL certificates and receiving TLS traffic directly.

    -
    +

    FRESH_LOGIN_TIMEOUT

    -     		+

    String

    -     		+

    The time after which a fresh login requires users to re-enter their password

    Example: 5m

    -
    +

    HEALTH_CHECKER

    -     		+

    String

    -     		+

    The configured health check

    Example: ('RDSAwareHealthCheck', {'access_key': 'foo', 'secret_key': 'bar'})

    -
    +

    PROMETHEUS_NAMESPACE

    -     		+

    String

    -     		+

    The prefix applied to all exposed Prometheus metrics

    Default: quay

    -
    +

    PUBLIC_NAMESPACES

    -     		+

    Array of String

    -     		+

    If a namespace is defined in the public namespace list, then it will appear on all users' repository list pages, regardless of whether the user is a member of the namespace. Typically, this is used by an enterprise customer in configuring a set of "well-known" namespaces.

    -
    +

    REGISTRY_STATE

    -     		+

    String

    -     		+

    The state of the registry

    Values: normal or read-only

    -
    +

    SEARCH_MAX_RESULT_PAGE_COUNT

    -     		+

    Number

    -     		+

    Maximum number of pages the user can paginate in search before they are limited

    Default: 10

    -
    +

    SEARCH_RESULTS_PER_PAGE

    -     		+

    Number

    -     		+

    Number of results returned per page by search page

    Default: 10

    -
    +

    V2_PAGINATION_SIZE

    -     		+

    Number

    -     		+

    The number of results returned per page in V2 registry APIs

    Default: 50

    -
    +

    WEBHOOK_HOSTNAME_BLACKLIST

    -     		+

    Array of String

    -     		+

    The set of hostnames to disallow from webhooks when validating, beyond localhost

    -
    +

    CREATE_PRIVATE_REPO_ON_PUSH

    -     		+

    Boolean

    -     		+

    Whether new repositories created by push are set to private visibility

    Default: True

    -
    +

    CREATE_NAMESPACE_ON_PUSH

    -     		+

    Boolean

    -     		+

    Whether new push to a non-existent organization creates it

    Default: False

    -
    +

    NON_RATE_LIMITED_NAMESPACES

    -     		+

    Array of String

    -     		+

    If rate limiting has been enabled using FEATURE_RATE_LIMITS, you can override it for specific namespace that require unlimited access.

    -
    +

    FEATURE_UI_V2

    -     		+

    Boolean

    -     		+

    When set, allows users to try the beta UI environment.

    Default: True

    -
    +

    FEATURE_REQUIRE_TEAM_INVITE

    -     		+

    Boolean

    -     		+

    Whether to require invitations when adding a user to a team

    Default: True

    -
    +

    FEATURE_REQUIRE_ENCRYPTED_BASIC_AUTH

    -     		+

    Boolean

    -     		+

    Whether non-encrypted passwords (as opposed to encrypted tokens) can be used for basic auth

    Default: False

    -
    +

    FEATURE_RATE_LIMITS

    -     		+

    Boolean

    -     		+

    Whether to enable rate limits on API and registry endpoints. Setting FEATURE_RATE_LIMITS to true causes nginx to limit certain API calls to 30 per second. If that feature is not set, API calls are limited to 300 per second (effectively unlimited).

    Default: False

    -
    +

    FEATURE_FIPS

    -     		+

    Boolean

    -     		+

    If set to true, Red Hat Quay will run using FIPS-compliant hash functions

    Default: False

    -
    +

    FEATURE_AGGREGATED_LOG_COUNT_RETRIEVAL

    -     		+

    Boolean

    -     		+

    Whether to allow retrieval of aggregated log counts

    Default: True

    -
    +

    FEATURE_ANONYMOUS_ACCESS

    -     		+

    Boolean

    -     		+

    Whether to allow anonymous users to browse and pull public repositories

    Default: True

    -
    +

    FEATURE_DIRECT_LOGIN

    -     		+

    Boolean

    -     		+

    Whether users can directly login to the UI

    Default: True

    -
    +

    FEATURE_LIBRARY_SUPPORT

    -     		+

    Boolean

    -     		+

    Whether to allow for "namespace-less" repositories when pulling and pushing from Docker

    Default: True

    -
    +

    FEATURE_PARTIAL_USER_AUTOCOMPLETE

    -     		+

    Boolean

    -     		+

    If set to true, autocompletion will apply to partial usernames+
    Default: True

    -
    +

    FEATURE_PERMANENT_SESSIONS

    -     		+

    Boolean

    -     		+

    Whether sessions are permanent

    Default: True

    -
    +

    FEATURE_PUBLIC_CATALOG

    -     		+

    Boolean

    -     		+

    If set to true, the _catalog endpoint returns public repositories. Otherwise, only private repositories can be returned.

    Default: False

    3.34. Legacy configuration fields

    The following fields are deprecated or obsolete. -

    Table 3.38. Legacy configuration fields

    FieldTypeDescription
    +

    Table 3.38. Legacy configuration fields

    FieldTypeDescription

    FEATURE_BLACKLISTED_EMAILS

    -     		+

    Boolean

    -     		+

    If set to true, no new User accounts may be created if their email domain is blacklisted

    -
    +

    BLACKLISTED_EMAIL_DOMAINS

    -     		+

    Array of String

    -     		+

    The list of email-address domains that is used if FEATURE_BLACKLISTED_EMAILS is set to true

    Example: "example.com", "example.org"

    -
    +

    BLACKLIST_V2_SPEC

    -     		+

    String

    -     		+

    The Docker CLI versions to which Red Hat Quay will respond that V2 is unsupported

    Example: <1.8.0
    Default: <1.6.0

    -
    +

    DOCUMENTATION_ROOT

    -     		+

    String

    -     		+

    Root URL for documentation links

    -
    +

    SECURITY_SCANNER_V4_NAMESPACE_WHITELIST

    -     		+

    String

    -     		+

    The namespaces for which the security scanner should be enabled

    -
    +

    FEATURE_RESTRICTED_V1_PUSH

    -     		+

    Boolean

    -     		+

    If set to true, only namespaces listed in V1_PUSH_WHITELIST support V1 push

    Default: True

    -
    +

    V1_PUSH_WHITELIST

    -     		+

    Array of String

    -     		+

    The array of namespace names that support V1 push if FEATURE_RESTRICTED_V1_PUSH is set to true

    -
    +

    FEATURE_HELM_OCI_SUPPORT

    -     		+

    Boolean

    -     		+

    Enable support for Helm artifacts.

    Default: False

    -

    3.35. User interface v2 configuration field

    Table 3.39. User interface v2 configuration field

    FieldTypeDescription
    +

    3.35. User interface v2 configuration field

    Table 3.39. User interface v2 configuration field

    FieldTypeDescription

    FEATURE_UI_V2

    -     		+

    Boolean

    -     		+

    When set, allows users to try the beta UI environment.

    @@ -3759,15 +3759,15 @@ In the navigation pane of your Red Hat Quay deployment, you are given the option to toggle between Current UI and New UI. Click the toggle button to set it to new UI, and then click Use Beta Environment, for example:

    Red Hat Quay v2 UI toggle -

    3.36. IPv6 configuration field

    Table 3.40. IPv6 configuration field

    FieldTypeDescription
    +

    3.36. IPv6 configuration field

    Table 3.40. IPv6 configuration field

    FieldTypeDescription

    FEATURE_LISTEN_IP_VERSION

    -     		+

    String

    -     		+

    Enables IPv4, IPv6, or dual-stack protocol family. This configuration field must be properly set, otherwise Red Hat Quay fails to start.

    @@ -3777,54 +3777,54 @@

    Additional configurations: IPv6, dual-stack

    -

    3.37. Branding configuration fields

    Table 3.41. Branding configuration fields

    FieldTypeDescription
    +

    3.37. Branding configuration fields

    Table 3.41. Branding configuration fields

    FieldTypeDescription

    BRANDING

    -     		+

    Object

    -     		+

    Custom branding for logos and URLs in the Red Hat Quay UI.

    -
    +

    .logo
    (Required)

    -     		+

    String

    -     		+

    Main logo image URL.

    The header logo defaults to 205x30 PX. The form logo on the Red Hat Quay sign in screen of the web UI defaults to 356.5x39.7 PX.
    Example:
    /static/img/quay-horizontal-color.svg

    -
    +

    .footer_img

    -     		+

    String

    -     		+

    Logo for UI footer. Defaults to 144x34 PX.

    Example:
    /static/img/RedHat.svg

    -
    +

    .footer_url

    -     		+

    String

    -     		+

    Link for footer image.

    Example:
    https://redhat.com

    @@ -3836,15 +3836,15 @@ footer_url: https://opensourceworld.org/

    3.38. Session timeout configuration field

    The following configuration field relies on on the Flask API configuration field of the same name. -

    Table 3.42. Session logout configuration field

    FieldTypeDescription
    +

    Table 3.42. Session logout configuration field

    FieldTypeDescription

    PERMANENT_SESSION_LIFETIME

    -     		+

    Integer

    -     		+

    A timedelta which is used to set the expiration date of a permanent session. The default is 31 days, which makes a permanent session survive for roughly one month.

    @@ -3862,15 +3862,15 @@ Red Hat Quay supports a limited number of environment variables for dynamic configuration.

    4.1. Geo-replication

    The same configuration should be used across all regions, with exception of the storage backend, which can be configured explicitly using the QUAY_DISTRIBUTED_STORAGE_PREFERENCE environment variable. -

    Table 4.1. Geo-replication configuration

    VariableTypeDescription
    +

    Table 4.1. Geo-replication configuration

    VariableTypeDescription

    QUAY_DISTRIBUTED_STORAGE_PREFERENCE

    -     		+

    String

    -     		+

    The preferred storage engine (by ID in DISTRIBUTED_STORAGE_CONFIG) to use.

    @@ -3882,15 +3882,15 @@ Overtime, the connection pools will release idle connections. To release all connections immediately, Red Hat Quay requires a restart.

    Database connection pooling can be toggled by setting the environment variable DB_CONNECTION_POOLING to true or false. -

    Table 4.2. Database connection pooling configuration

    VariableTypeDescription
    +

    Table 4.2. Database connection pooling configuration

    VariableTypeDescription

    DB_CONNECTION_POOLING

    -     		+

    Boolean

    -     		+

    Enable or disable database connection pooling

    @@ -3904,125 +3904,125 @@ ...

    4.3. HTTP connection counts

    It is possible to specify the quantity of simultaneous HTTP connections using environment variables. These can be specified as a whole, or for a specific component. The default for each is 50 parallel connections per process. -

    Table 4.3. HTTP connection counts configuration

    VariableTypeDescription
    +

    Table 4.3. HTTP connection counts configuration

    VariableTypeDescription

    WORKER_CONNECTION_COUNT

    -     		+

    Number

    -     		+

    Simultaneous HTTP connections

    Default: 50

    -
    +

    WORKER_CONNECTION_COUNT_REGISTRY

    -     		+

    Number

    -     		+

    Simultaneous HTTP connections for registry

    Default: WORKER_CONNECTION_COUNT

    -
    +

    WORKER_CONNECTION_COUNT_WEB

    -     		+

    Number

    -     		+

    Simultaneous HTTP connections for web UI

    Default: WORKER_CONNECTION_COUNT

    -
    +

    WORKER_CONNECTION_COUNT_SECSCAN

    -     		+

    Number

    -     		+

    Simultaneous HTTP connections for Clair

    Default: WORKER_CONNECTION_COUNT

    -

    4.4. Worker count variables

    Table 4.4. Worker count variables

    VariableTypeDescription
    +

    4.4. Worker count variables

    Table 4.4. Worker count variables

    VariableTypeDescription

    WORKER_COUNT

    -     		+

    Number

    -     		+

    Generic override for number of processes

    -
    +

    WORKER_COUNT_REGISTRY

    -     		+

    Number

    -     		+

    Specifies the number of processes to handle Registry requests within the Quay container

    Values: Integer between 8 and 64

    -
    +

    WORKER_COUNT_WEB

    -     		+

    Number

    -     		+

    Specifies the number of processes to handle UI/Web requests within the container

    Values: Integer between 2 and 32

    -
    +

    WORKER_COUNT_SECSCAN

    -     		+

    Number

    -     		+

    Specifies the number of processes to handle Security Scanning (e.g. Clair) integration within the container

    Values: Integer between 2 and 4

    4.5. Debug variables

    The following debug variables are available on Red Hat Quay. -

    Table 4.5. Debug configuration variables

    VariableTypeDescription
    +

    Table 4.5. Debug configuration variables

    VariableTypeDescription

    DEBUGLOG

    -     		+

    Boolean

    -     		+

    Whether to enable or disable debug logs.

    -
    +

    USERS_DEBUG

    -     		+

    Integer. Either 0 or 1.

    -     		+

    Used to debug LDAP operations in clear text, including passwords. Must be used with DEBUGLOG=TRUE.

    @@ -4108,206 +4108,206 @@ The above YAML file lists every key for completeness. Using this configuration file as-is will result in some options not having their defaults set normally.

    5.1.2. Clair general fields

    The following section describes the general configuration fields available for a Clair deployment: -

    FieldTyphttp_listen_aeDescription
    +

    FieldTyphttp_listen_aeDescription

    http_listen_addr

    -     		+

    String

    -     		+

    Configures where the HTTP API is exposed.

    Default: :6060

    -
    +

    introspection_addr

    -     		+

    String

    -     		+

    Configures where Clair’s metrics and health endpoints are exposed.

    -
    +

    log_level

    -     		+

    String

    -     		+

    Sets the logging level. Requires one of the following strings: debug-color, debug, info, warn, error, fatal, panic

    -
    +

    tls

    -     		+

    String

    -     		+

    A map containing the configuration for serving the HTTP API of TLS/SSL and HTTP/2.

    -
    +

    .cert

    -     		+

    String

    -     		+

    The TLS certificate to be used. Must be a full-chain certificate.

    5.1.3. Clair indexer configuration fields

    The following indexer configuration fields are available for Clair. -

    FieldTypeDescription
    +

    FieldTypeDescription

    indexer

    -     		+

    Object

    -     		+

    Provides Clair indexer node configuration.

    -
    +

    .airgap

    -     		+

    Boolean

    -     		+

    Disables HTTP access to the internet for indexers and fetchers. Private IPv4 and IPv6 addresses are allowed. Database connections are unaffected.

    -
    +

    .connstring

    -     		+

    String

    -     		+

    A Postgres connection string. Accepts format as a URL or libpq connection string.

    -
    +

    .index_report_request_concurrency

    -     		+

    Integer

    -     		+

    Rate limits the number of index report creation requests. Setting this to 0 attemps to auto-size this value. Setting a negative value means unlimited. The auto-sizing is a multiple of the number of available cores.

    The API returns a 429 status code if concurrency is exceeded.

    -
    +

    .scanlock_retry

    -     		+

    Integer

    -     		+

    A positive integer representing seconds. Concurrent indexers lock on manifest scans to avoid clobbering. This value tunes how often a waiting indexer polls for the lock.

    -
    +

    .layer_scan_concurrency

    -     		+

    Integer

    -     		+

    Positive integer limiting the number of concurrent layer scans. Indexers will match a manifest’s layer concurrently. This value tunes the number of layers an indexer scans in parallel.

    -
    +

    .migrations

    -     		+

    Boolean

    -     		+

    Whether indexer nodes handle migrations to their database.

    -
    +

    .scanner

    -     		+

    String

    -     		+

    Indexer configuration.

    Scanner allows for passing configuration options to layer scanners. The scanner will have this configuration pass to it on construction if designed to do so.

    -
    +

    .scanner.dist

    -     		+

    String

    -     		+

    A map with the name of a particular scanner and arbitrary YAML as a value.

    -
    +

    .scanner.package

    -     		+

    String

    -     		+

    A map with the name of a particular scanner and arbitrary YAML as a value.

    -
    +

    .scanner.repo

    -     		+

    String

    -     		+

    A map with the name of a particular scanner and arbitrary YAML as a value.

    @@ -4315,51 +4315,51 @@ The following matcher configuration fields are available for Clair.

    Note

    Differs from matchers configuration fields. -

    FieldTypeDescription
    +

    FieldTypeDescription

    matcher

    -     		+

    Object

    -     		+

    Provides Clair matcher node configuration.

    -
    +

    .cache_age

    -     		+

    String

    -     		+

    Controls how long users should be hinted to cache responses for.

    -
    +

    .connstring

    -     		+

    String

    -     		+

    A Postgres connection string. Accepts format as a URL or libpq connection string.

    -
    +

    .max_conn_pool

    -     		+

    Integer

    -     		+

    Limits the database connection pool size.

    @@ -4369,69 +4369,69 @@

    This parameter will be ignored in a future version. Users should configure this through the connection string.

    -
    +

    .indexer_addr

    -     		+

    String

    -     		+

    A matcher contacts an indexer to create a VulnerabilityReport. The location of this indexer is required.

    Defaults to 30m.

    -
    +

    .migrations

    -     		+

    Boolean

    -     		+

    Whether matcher nodes handle migrations to their databases.

    -
    +

    .period

    -     		+

    String

    -     		+

    Determines how often updates for new security advisories take place.

    Defaults to 30m.

    -
    +

    .disable_updaters

    -     		+

    Boolean

    -     		+

    Whether to run background updates or not.

    -
    +

    .update_retention

    -     		+

    Integer

    -     		+

    Sets the number of update operations to retain between garbage collection cycles. This should be set to a safe MAX value based on database size constraints.

    @@ -4445,39 +4445,39 @@ The following matchers configuration fields are available for Clair.

    Note

    Differs from matcher configuration fields. -

    FieldTypeDescription
    +

    FieldTypeDescription

    matchers

    -     		+

    Array of strings

    -     		+

    Provides configuration for the in-tree matchers and remotematchers.

    -
    +

    .names

    -     		+

    String

    -     		+

    A list of string values informing the matcher factory about enabled matchers. If value is set to null, the default list of matchers run: alpine, aws, debian, oracle, photon, python, python, rhel, suse, ubuntu, crda

    -
    +

    .config

    -     		+

    String

    -     		+

    Provides configuration to a specific matcher.

    @@ -4492,27 +4492,27 @@ - CVE-ABC

    5.1.6. Clair updaters configuration fields

    The following updaters configuration fields are available for Clair. -

    FieldTypeDescription
    +

    FieldTypeDescription

    updaters

    -     		+

    Object

    -     		+

    Provides configuration for the matcher’s update manager.

    -
    +

    .sets

    -     		+

    String

    -     		+

    A list of values informing the update manager which updaters to run.

    @@ -4522,15 +4522,15 @@

    If left blank, zero updaters run.

    -
    +

    .config

    -     		+

    String

    -     		+

    Provides configuration to specific updater sets.

    @@ -4545,757 +4545,757 @@ - cosmic

    5.1.7. Clair notifier configuration fields

    The following notifier configuration fields are available for Clair. -

    FieldTypeDescription
    +

    FieldTypeDescription

    notifier

    -     		+

    Object

    -     		+

    Provides Clair notifier node configuration.

    -
    +

    .connstring

    -     		+

    String

    -     		+

    Postgres connection string. Accepts format as URL, or libpq connection string.

    -
    +

    .migrations

    -     		+

    Boolean

    -     		+

    Whether notifier nodes handle migrations to their database.

    -
    +

    .indexer_addr

    -     		+

    String

    -     		+

    A notifier contacts an indexer to create or obtain manifests affected by vulnerabilities. The location of this indexer is required.

    -
    +

    .matcher_addr

    -     		+

    String

    -     		+

    A notifier contacts a matcher to list update operations and acquire diffs. The location of this matcher is required.

    -
    +

    .poll_interval

    -     		+

    String

    -     		+

    The frequency at which the notifier will query a matcher for update operations.

    -
    +

    .delivery_interval

    -     		+

    String

    -     		+

    The frequency at which the notifier attempts delivery of created, or previously failed, notifications.

    -
    +

    .disable_summary

    -     		+

    Boolean

    -     		+

    Controls whether notifications should be summarized to one per manifest.

    -
    +

    .webhook

    -     		+

    Object

    -     		+

    Configures the notifier for webhook delivery.

    -
    +

    .webhook.target

    -     		+

    String

    -     		+

    URL where the webhook will be delivered.

    -
    +

    .webhook.callback

    -     		+

    String

    -     		+

    The callback URL where notifications can be retrieved. The notification ID will be appended to this URL.

    This will typically be where the Clair notifier is hosted.

    -
    +

    .webhook.headers

    -     		+

    String

    -     		+

    A map associating a header name to a list of values.

    -
    +

    .amqp

    -     		+

    Object

    -     		+

    Configures the notifier for AMQP delivery.

    Note

    Clair does not declare any AMQP components on its own. All attempts to use an exchange or queue are passive only and will fail. Broker administrators should setup exchanges and queues ahead of time.

    -
    +

    .amqp.direct

    -     		+

    Boolean

    -     		+

    If true, the notifier will deliver individual notifications (not a callback) to the configured AMQP broker.

    -
    +

    .amqp.rollup

    -     		+

    Integer

    -     		+

    When amqp.direct is set to true, this value informs the notifier of how many notifications to send in a direct delivery. For example, if direct is set to true, and amqp.rollup is set to 5, the notifier delivers no more than 5 notifications in a single JSON payload to the broker. Setting the value to 0 effectively sets it to 1.

    -
    +

    .amqp.exchange

    -     		+

    Object

    -     		+

    The AMQP exchange to connect to.

    -
    +

    .amqp.exchange.name

    -     		+

    String

    -     		+

    The name of the exchange to connect to.

    -
    +

    .amqp.exchange.type

    -     		+

    String

    -     		+

    The type of the exchange. Typically one of the following: direct, fanout, topic, headers.

    -
    +

    .amqp.exchange.durability

    -     		+

    Boolean

    -     		+

    Whether the configured queue is durable.

    -
    +

    .amqp.exchange.auto_delete

    -     		+

    Boolean

    -     		+

    Whether the configured queue uses an auto_delete_policy.

    -
    +

    .amqp.routing_key

    -     		+

    String

    -     		+

    The name of the routing key each notification is sent with.

    -
    +

    .amqp.callback

    -     		+

    String

    -     		+

    If amqp.direct is set to false, this URL is provided in the notification callback sent to the broker. This URL should point to Clair’s notification API endpoint.

    -
    +

    .amqp.uris

    -     		+

    String

    -     		+

    A list of one or more AMQP brokers to connect to, in priority order.

    -
    +

    .amqp.tls

    -     		+

    Object

    -     		+

    Configures TLS/SSL connection to an AMQP broker.

    -
    +

    .amqp.tls.root_ca

    -     		+

    String

    -     		+

    The filesystem path where a root CA can be read.

    -
    +

    .amqp.tls.cert

    -     		+

    String

    -     		+

    The filesystem path where a TLS/SSL certificate can be read.

    Note

    Clair also allows SSL_CERT_DIR, as documented for the Go crypto/x509 package.

    -
    +

    .amqp.tls.key

    -     		+

    String

    -     		+

    The filesystem path where a TLS/SSL private key can be read.

    -
    +

    .stomp

    -     		+

    Object

    -     		+

    Configures the notifier for STOMP delivery.

    -
    +

    .stomp.direct

    -     		+

    Boolean

    -     		+

    If true, the notifier delivers individual notifications (not a callback) to the configured STOMP broker.

    -
    +

    .stomp.rollup

    -     		+

    Integer

    -     		+

    If stomp.direct is set to true, this value limits the number of notifications sent in a single direct delivery. For example, if direct is set to true, and rollup is set to 5, the notifier delivers no more than 5 notifications in a single JSON payload to the broker. Setting the value to 0 effectively sets it to 1.

    -
    +

    .stomp.callback

    -     		+

    String

    -     		+

    If stomp.callback is set to false, the provided URL in the notification callback is sent to the broker. This URL should point to Clair’s notification API endpoint.

    -
    +

    .stomp.destination

    -     		+

    String

    -     		+

    The STOMP destination to deliver notifications to.

    -
    +

    .stomp.uris

    -     		+

    String

    -     		+

    A list of one or more STOMP brokers to connect to in priority order.

    -
    +

    .stomp.tls

    -     		+

    Object

    -     		+

    Configured TLS/SSL connection to STOMP broker.

    -
    +

    .stomp.tls.root_ca

    -     		+

    String

    -     		+

    The filesystem path where a root CA can be read.

    Note

    Clair also respects SSL_CERT_DIR, as documented for the Go crypto/x509 package.

    -
    +

    .stomp.tls.cert

    -     		+

    String

    -     		+

    The filesystem path where a TLS/SSL certificate can be read.

    -
    +

    .stomp.tls.key

    -     		+

    String

    -     		+

    The filesystem path where a TLS/SSL private key can be read.

    -
    +

    .stomp.user

    -     		+

    String

    -     		+

    Configures login details for the STOMP broker.

    -
    +

    .stomp.user.login

    -     		+

    String

    -     		+

    The STOMP login to connect with.

    -
    +

    .stomp.user.passcode

    -     		+

    String

    -     		+

    The STOMP passcode to connect with.

    5.1.8. Clair authorization configuration fields

    The following authorization configuration fields are available for Clair. -

    FieldTypeDescription
    +

    FieldTypeDescription

    auth

    -     		+

    Object

    -     		+

    Defines Clair’s external and intra-service JWT based authentication. If multiple auth mechanisms are defined, Clair picks one. Currently, multiple mechanisms are unsupported.

    -
    +

    .psk

    -     		+

    String

    -     		+

    Defines pre-shared key authentication.

    -
    +

    .psk.key

    -     		+

    String

    -     		+

    A shared base64 encoded key distributed between all parties signing and verifying JWTs.

    -
    +

    .psk.iss

    -     		+

    String

    -     		+

    A list of JWT issuers to verify. An empty list accepts any issuer in a JWT claim.

    5.1.9. Clair trace configuration fields

    The following trace configuration fields are available for Clair. -

    FieldTypeDescription
    +

    FieldTypeDescription

    trace

    -     		+

    Object

    -     		+

    Defines distributed tracing configuration based on OpenTelemetry.

    -
    +

    .name

    -     		+

    String

    -     		+

    The name of the application traces will belong to.

    -
    +

    .probability

    -     		+

    Integer

    -     		+

    The probability a trace will occur.

    -
    +

    .jaeger

    -     		+

    Object

    -     		+

    Defines values for Jaeger tracing.

    -
    +

    .jaeger.agent

    -     		+

    Object

    -     		+

    Defines values for configuring delivery to a Jaeger agent.

    -
    +

    .jaeger.agent.endpoint

    -     		+

    String

    -     		+

    An address in the <host>:<post> syntax where traces can be submitted.

    -
    +

    .jaeger.collector

    -     		+

    Object

    -     		+

    Defines values for configuring delivery to a Jaeger collector.

    -
    +

    .jaeger.collector.endpoint

    -     		+

    String

    -     		+

    An address in the <host>:<post> syntax where traces can be submitted.

    -
    +

    .jaeger.collector.username

    -     		+

    String

    -     		+

    A Jaeger username.

    -
    +

    .jaeger.collector.password

    -     		+

    String

    -     		+

    A Jaeger password.

    -
    +

    .jaeger.service_name

    -     		+

    String

    -     		+

    The service name registered in Jaeger.

    -
    +

    .jaeger.tags

    -     		+

    String

    -     		+

    Key-value pairs to provide additional metadata.

    -
    +

    .jaeger.buffer_max

    -     		+

    Integer

    -     		+

    The maximum number of spans that can be buffered in memory before they are sent to the Jaeger backend for storage and analysis.

    5.1.10. Clair metrics configuration fields

    The following metrics configuration fields are available for Clair. -

    FieldTypeDescription
    +

    FieldTypeDescription

    metrics

    -     		+

    Object

    -     		+

    Defines distributed tracing configuration based on OpenTelemetry.

    -
    +

    .name

    -     		+

    String

    -     		+

    The name of the metrics in use.

    -
    +

    .prometheus

    -     		+

    String

    -     		+

    Configuration for a Prometheus metrics exporter.

    -
    +

    .prometheus.endpoint

    -     		+

    String

    -     		+

    Defines the path where metrics are served.

    -

    Legal Notice

    +

    Legal Notice

    Copyright © 2023 Red Hat, Inc.
    The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. diff --git a/master/deploy_quay/index.html b/master/deploy_quay/index.html index ddb8e3d6e..6a7e04ab8 100644 --- a/master/deploy_quay/index.html +++ b/master/deploy_quay/index.html @@ -1,8 +1,8 @@ -Deploy Red Hat Quay for proof-of-concept (non-production) purposes
    Red Hat Quay 3.9

    Deploy Red Hat Quay for proof-of-concept (non-production) purposes

    Deploy Red Hat Quay

    Red Hat OpenShift Documentation Team

    Abstract

    +Deploy Red Hat Quay for proof-of-concept (non-production) purposes
    Red Hat Quay 3.9

    Deploy Red Hat Quay for proof-of-concept (non-production) purposes

    Deploy Red Hat Quay

    Red Hat OpenShift Documentation Team

    Abstract

    Get started with Red Hat Quay -

    Preface

    +

    Preface

    Red Hat Quay is an enterprise-quality registry for building, securing and serving container images. This procedure describes how to deploy Red Hat Quay for proof-of-concept (non-production) purposes.

    Chapter 1. Overview

    Red Hat Quay includes the following features: @@ -145,63 +145,63 @@ This document uses port mapping and assumes a static IP address for your host system. Throughout the deployment, quay-sever.example.com is used with the 192.168.1.112 IP address. This information is established in the /etc/hosts file, for example: 

    $ cat /etc/hosts

    Example output: - 

    192.168.1.112   quay-server.example.com

    Table 2.1. Sample proof of concept port mapping

    ComponentPort mappingAddress
    + 

    192.168.1.112   quay-server.example.com

    Table 2.1. Sample proof of concept port mapping

    ComponentPort mappingAddress

    Quay

    -     		+

    -p 80:8080 -p 443:8443

    -     		+

    http://quay-server.example.com

    -
    +

    Postgres for Quay

    -     		+

    -p 5432:5432

    -     		+

    quay-server.example.com:5432

    -
    +

    Redis

    -     		+

    -p 6379:6379

    -     		+

    quay-server.example.com:6379

    -
    +

    Postgres for Clair V4

    -     		+

    -p 5433:5432

    -     		+

    quay-server.example.com:5433

    -
    +

    Clair V4

    -     		+

    -p 8081:8080

    -     		+

    http://quay-server.example.com:8081

    @@ -1055,7 +1055,7 @@ Configure LDAP authentication
  • Use georeplication of storage -

    • Legal Notice

    +

    Legal Notice

    Copyright © 2023 Red Hat, Inc.
    The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. diff --git a/master/deploy_quay_ha/index.html b/master/deploy_quay_ha/index.html index 3d226575e..f992827b4 100644 --- a/master/deploy_quay_ha/index.html +++ b/master/deploy_quay_ha/index.html @@ -1,8 +1,8 @@ -Deploy Red Hat Quay - High Availability
    Red Hat Quay 3.9

    Deploy Red Hat Quay - High Availability

    Deploy Red Hat Quay HA

    Red Hat OpenShift Documentation Team

    Abstract

    +Deploy Red Hat Quay - High Availability

    Preface

    Red Hat Quay is an enterprise-quality container registry. Use Quay to build and store containers, then deploy them to the servers across your enterprise.

    This procedure describes how to deploy a high availability, enterprise-quality Red Hat Quay setup. @@ -642,58 +642,58 @@ -d registry.redhat.io/quay/quay-rhel8:v3.8.0

  • You can check the status of the containers on System B and on System C by entering the following command: 

    $ sudo podman ps

    • Chapter 7. Performing health checks on Red Hat Quay deployments

    - Health check mechanisms are designed to assess the health and functionality of a system, service, or component. Health checks help ensure that everything is working correctly, and can be used to identify potential issues before they become critical problems. By monitoring the health of a system, Red Hat Quay administrators can address abnormalities or potential failures, helping to reduce the likelihood of encountering troubleshooting scenarios. + Health check mechanisms are designed to assess the health and functionality of a system, service, or component. Health checks help ensure that everything is working correctly, and can be used to identify potential issues before they become critical problems. By monitoring the health of a system, Red Hat Quay administrators can address abnormalities or potential failures for things like geo-replication deployments, Operator deployments, standalone Red Hat Quay deployments, object storage issues, and so on. Performing health checks can also help reduce the likelihood of encountering troubleshooting scenarios.

    Health check mechanisms can play a role in diagnosing issues by providing valuable information about the system’s current state. By comparing health check results with expected benchmarks or predefined thresholds, deviations or anomalies can be identified quicker.

    7.1. Red Hat Quay health check endpoints

    Important

    Links contained herein to any external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or its entities, products, or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.

    Red Hat Quay has several health check endpoints. The following table shows you the health check, a description, an endpoint, and an example output. -

    Table 7.1. Health check endpoints

    Health checkDescriptionEndpointExample output
    +

    Table 7.1. Health check endpoints

    Health checkDescriptionEndpointExample output

    instance

    -     		+

    The instance endpoint acquires the entire status of the specific Red Hat Quay instance. Returns a dict with key-value pairs for the following: auth, database, disk_space, registry_gunicorn, service_key, and web_gunicorn. Returns a number indicating the health check response of either 200, which indicates that the instance is healthy, or 503, which indicates an issue with your deployment.

    -     		+

    https://{quay-ip-endpoint}/health/instance or https://{quay-ip-endpoint}/health

    -     		+

    {"data":{"services":{"auth":true,"database":true,"disk_space":true,"registry_gunicorn":true,"service_key":true,"web_gunicorn":true}},"status_code":200}

    -
    +

    endtoend

    -     		+

    The endtoend endpoint conducts checks on all services of your Red Hat Quay instance. Returns a dict with key-value pairs for the following: auth, database, redis, storage. Returns a number indicating the health check response of either 200, which indicates that the instance is healthy, or 503, which indicates an issue with your deployment.

    -     		+

    https://{quay-ip-endpoint}/health/endtoend

    -     		+

    {"data":{"services":{"auth":true,"database":true,"redis":true,"storage":true}},"status_code":200}

    -
    +

    warning

    -     		+

    The warning endpoint conducts a check on the warnings. Returns a dict with key-value pairs for the following: disk_space_warning. Returns a number indicating the health check response of either 200, which indicates that the instance is healthy, or 503, which indicates an issue with your deployment.

    -     		+

    https://{quay-ip-endpoint}/health/warning

    -     		+

    {"data":{"services":{"disk_space_warning":true}},"status_code":503}

    @@ -705,7 +705,7 @@ You are taken to the health instance page, which returns information like the following: 

    {"data":{"services":{"auth":true,"database":true,"disk_space":true,"registry_gunicorn":true,"service_key":true,"web_gunicorn":true}},"status_code":200}

    For Red Hat Quay, "status_code": 200 means that the instance is health. Conversely, if you receive "status_code": 503, there is an issue with your deployment. -

    Additional resources

    Legal Notice

    +

    Additional resources

    Legal Notice

    Copyright © 2023 Red Hat, Inc.
    The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. diff --git a/master/manage_quay/index.html b/master/manage_quay/index.html index 4a24c9af1..7e9b88933 100644 --- a/master/manage_quay/index.html +++ b/master/manage_quay/index.html @@ -1,8 +1,8 @@ -Manage Red Hat Quay
    Red Hat Quay 3.9

    Manage Red Hat Quay

    Manage Red Hat Quay

    Red Hat OpenShift Documentation Team

    Abstract

    +Manage Red Hat Quay
    Red Hat Quay 3.9

    Manage Red Hat Quay

    Manage Red Hat Quay

    Red Hat OpenShift Documentation Team

    Abstract

    Manage Red Hat Quay -

    Preface

    +

    Preface

    Once you have deployed a Red Hat Quay registry, there are many ways you can further configure and manage that deployment. Topics covered here include:

    • Advanced Red Hat Quay configuration @@ -226,51 +226,51 @@ environment variable: WORKER_COUNT_SECSCAN

    1.3.4.5. Environment variables

    Red Hat Quay allows overriding default behavior using environment variables. The following table lists and describes each variable and the values they can expect. -

    Table 1.1. Worker count environment variables

    VariableDescriptionValues
    +

    Table 1.1. Worker count environment variables

    VariableDescriptionValues

    WORKER_COUNT_REGISTRY

    -     		+

    Specifies the number of processes to handle registry requests within the Quay container.

    -     		+

    Integer between 8 and 64

    -
    +

    WORKER_COUNT_WEB

    -     		+

    Specifies the number of processes to handle UI/Web requests within the container.

    -     		+

    Integer between 2 and 32

    -
    +

    WORKER_COUNT_SECSCAN

    -     		+

    Specifies the number of processes to handle Security Scanning (for example, Clair) integration within the container.

    -     		+

    Integer between 2 and 4

    -
    +

    DB_CONNECTION_POOLING

    -     		+

    Toggle database connection pooling.

    -     		+

    "true" or "false"

    @@ -1084,87 +1084,87 @@ After the QuayIntegration custom resource is created, your OpenShift Container Platform cluster will be linked to your Red Hat Quay instance. Organizations within your Red Hat Quay registry should be created for the related namespace for the OpenShift Container Platform environment.

    8.5. QuayIntegration configuration fields

    The following configuration fields are available for the QuayIntegration custom resource: -

    NameDescriptionSchema
    +

    NameDescriptionSchema

    allowlistNamespaces
    (Optional)

    -     		+

    A list of namespaces to include.

    -     		+

    Array

    -
    +

    clusterID
    (Required)

    -     		+

    The ID associated with this cluster.

    -     		+

    String

    -
    +

    credentialsSecret.key
    (Required)

    -     		+

    The secret containing credentials to communicate with the Quay registry.

    -     		+

    Object

    -
    +

    denylistNamespaces
    (Optional)

    -     		+

    A list of namespaces to exclude.

    -     		+

    Array

    -
    +

    insecureRegistry
    (Optional)

    -     		+

    Whether to skip TLS verification to the Quay registry

    -     		+

    Boolean

    -
    +

    quayHostname
    (Required)

    -     		+

    The hostname of the Quay registry.

    -     		+

    String

    -
    +

    scheduledImageStreamImport
    (Optional)

    -     		+

    Whether to enable image stream importing.

    -     		+

    Boolean

    @@ -1208,99 +1208,99 @@ Automatic synchronization or mirroring of selected (allowlisted) upstream repositories from external registries into a local Red Hat Quay deployment
    Note

    Repository mirroring and geo-replication can be used simultaneously. -

    Table 9.1. Red Hat Quay Repository mirroring and geo-replication comparison

    Feature / CapabilityGeo-replicationRepository mirroring
    +

    Table 9.1. Red Hat Quay Repository mirroring and geo-replication comparison

    Feature / CapabilityGeo-replicationRepository mirroring

    What is the feature designed to do?

    -     		+

    A shared, global registry

    -     		+

    Distinct, different registries

    -
    +

    What happens if replication or mirroring has not been completed yet?

    -     		+

    The remote copy is used (slower)

    -     		+

    No image is served

    -
    +

    Is access to all storage backends in both regions required?

    -     		+

    Yes (all Red Hat Quay nodes)

    -     		+

    No (distinct storage)

    -
    +

    Can users push images from both sites to the same repository?

    -     		+

    Yes

    -     		+

    No

    -
    +

    Is all registry content and configuration identical across all regions (shared database)?

    -     		+

    Yes

    -     		+

    No

    -
    +

    Can users select individual namespaces or repositories to be mirrored?

    -     		+

    No

    -     		+

    Yes

    -
    +

    Can users apply filters to synchronization rules?

    -     		+

    No

    -     		+

    Yes

    -
    +

    Are individual / different role-base access control configurations allowed in each region

    -     		+

    No

    -     		+

    Yes

    @@ -1328,63 +1328,63 @@ Enable mirroring and require HTTPS and verified certificates

  • Validate and download the configuration file, and then restart Quay in registry mode using the updated config file. -

    • 9.5. Mirroring configuration fields

    Table 9.2. Mirroring configuration

    FieldTypeDescription
    +

    9.5. Mirroring configuration fields

    Table 9.2. Mirroring configuration

    FieldTypeDescription

    FEATURE_REPO_MIRROR

    -     		+

    Boolean

    -     		+

    Enable or disable repository mirroring

    Default: false

    -
    +

    REPO_MIRROR_INTERVAL

    -     		+

    Number

    -     		+

    The number of seconds between checking for repository mirror candidates

    Default: 30

    -
    +

    REPO_MIRROR_SERVER_HOSTNAME

    -     		+

    String

    -     		+

    Replaces the SERVER_HOSTNAME as the destination for mirroring.

    Default: None

    Example:
    openshift-quay-service

    -
    +

    REPO_MIRROR_TLS_VERIFY

    -     		+

    Boolean

    -     		+

    Require HTTPS and verify certificates of Quay registry during mirror.

    Default: false

    -
    +

    REPO_MIRROR_ROLLBACK

    -     		+

    Boolean

    -     		+

    When set to true, the repository rolls back after a failed mirror attempt.

    @@ -1916,43 +1916,43 @@ Red Hat Quay provides metrics to help monitor the registry, including metrics for general registry usage, uploads, downloads, garbage collection, and authentication.

    12.2.1. General registry statistics

    General registry statistics can indicate how large the registry has grown. -

    Metric nameDescription
    +

    Metric nameDescription

    quay_user_rows

    -     		+

    Number of users in the database

    -
    +

    quay_robot_rows

    -     		+

    Number of robot accounts in the database

    -
    +

    quay_org_rows

    -     		+

    Number of organizations in the database

    -
    +

    quay_repository_rows

    -     		+

    Number of repositories in the database

    -
    +

    quay_security_scanning_unscanned_images_remaining_total

    -     		+

    Number of images that are not scanned by the latest security scanner

    @@ -1979,27 +1979,27 @@ quay_security_scanning_unscanned_images_remaining{host="example-registry-quay-app-6df87f7b66-9tfn6",instance="",job="quay",pid="208",process_name="secscan:application"} 5

    12.2.2. Queue items

    The queue items metrics provide information on the multiple queues used by Quay for managing work. -

    Metric nameDescription
    +

    Metric nameDescription

    quay_queue_items_available

    -     		+

    Number of items in a specific queue

    -
    +

    quay_queue_items_locked

    -     		+

    Number of items that are running

    -
    +

    quay_queue_items_available_unlocked

    -     		+

    Number of items that are waiting to be processed

    @@ -2044,35 +2044,35 @@ quay_queue_items_locked{host="example-registry-quay-app-6df87f7b66-9tfn6",instance="",job="quay",pid="63",process_name="exportactionlogsworker.py",queue_name="exportactionlogs"} 0

    12.2.3. Garbage collection metrics

    These metrics show you how many resources have been removed from garbage collection (gc). They show many times the gc workers have run and how many namespaces, repositories, and blobs were removed. -

    Metric nameDescription
    +

    Metric nameDescription

    quay_gc_iterations_total

    -     		+

    Number of iterations by the GCWorker

    -
    +

    quay_gc_namespaces_purged_total

    -     		+

    Number of namespaces purged by the NamespaceGCWorker

    -
    +

    quay_gc_repos_purged_total

    -     		+

    Number of repositories purged by the RepositoryGCWorker or NamespaceGCWorker

    -
    +

    quay_gc_storage_blobs_deleted_total

    -     		+

    Number of storage blobs deleted

    @@ -2115,19 +2115,19 @@ ...

    12.2.3.1. Multipart uploads metrics

    The multipart uploads metrics show the number of blobs uploads to storage (S3, Rados, GoogleCloudStorage, RHOCS). These can help identify issues when Quay is unable to correctly upload blobs to storage. -

    Metric nameDescription
    +

    Metric nameDescription

    quay_multipart_uploads_started_total

    -     		+

    Number of multipart uploads to Quay storage that started

    -
    +

    quay_multipart_uploads_completed_total

    -     		+

    Number of multipart uploads to Quay storage that completed

    @@ -2151,11 +2151,11 @@ ...

    12.2.4. Image push / pull metrics

    A number of metrics are available related to pushing and pulling images. -

    12.2.4.1. Image pulls total

    Metric nameDescription
    +

    12.2.4.1. Image pulls total

    Metric nameDescription

    quay_registry_image_pulls_total

    -     		+

    The number of images downloaded from the registry.

    @@ -2165,21 +2165,21 @@ ref: ref used to pull - tag, manifest
  • status: http return code of the request -

    • 12.2.4.2. Image bytes pulled

    Metric nameDescription
    +

    12.2.4.2. Image bytes pulled

    Metric nameDescription

    quay_registry_image_pulled_estimated_bytes_total

    -     		+

    The number of bytes downloaded from the registry

    Metric labels

    • protocol: the registry protocol used (should always be v2) -

    12.2.4.3. Image pushes total

    Metric nameDescription
    +

    12.2.4.3. Image pushes total

    Metric nameDescription

    quay_registry_image_pushes_total

    -     		+

    The number of images uploaded from the registry.

    @@ -2189,11 +2189,11 @@ pstatus: http return code of the request
  • pmedia_type: the uploaded manifest type -

    • 12.2.4.4. Image bytes pushed

    Metric nameDescription
    +

    12.2.4.4. Image bytes pushed

    Metric nameDescription

    quay_registry_image_pushed_bytes_total

    -     		+

    The number of bytes uploaded to the registry

    @@ -2205,11 +2205,11 @@ ...

    12.2.5. Authentication metrics

    The authentication metrics provide the number of authentication requests, labeled by type and whether it succeeded or not. For example, this metric could be used to monitor failed basic authentication requests. -

    Metric nameDescription
    +

    Metric nameDescription

    quay_authentication_attempts_total

    -     		+

    Number of authentication attempts across the registry and API

    @@ -2271,27 +2271,27 @@ Quota management helps organizations to maintain resource consumption. One limitation of quota management is that calculating resource consumption on push results in the calculation becoming part of the push’s critical path. Without this, usage data might drift.

    The maximum storage quota size is dependent on the selected database: -

    Table 13.1. Worker count environment variables

    VariableDescription
    +

    Table 13.1. Worker count environment variables

    VariableDescription

    Postgres

    -     		+

    8388608 TB

    -
    +

    MySQL

    -     		+

    8388608 TB

    -
    +

    SQL Server

    -     		+

    16777216 TB

    @@ -3125,7 +3125,7 @@ Use the following procedure to back up your Red Hat Quay configuration.

    Procedure

    1. To back the QuayRegistry custom resource by exporting it, enter the following command: - 

      $ oc get quayregistry <quay-registry-name> -n <quay-namespace> -o yaml > quay-registry.yaml

    2. + 

      $ oc get quayregistry <quay_registry_name> -n <quay_namespace> -o yaml > quay-registry.yaml

    3. Edit the resulting quayregistry.yaml and remove the status section and the following metadata fields: 

        metadata.creationTimestamp
   metadata.finalizers
@@ -3134,15 +3134,15 @@
   metadata.uid

    4. Backup the managed keys secret by entering the following command:

      Note

      - If you are running a version older than Red Hat Quay 3.7.0, this step can be skipped. Some secrets are automatically generated while deploying Red Hat Quay for the first time. These are stored in a secret called <quay-registry-name>-quay-registry-managed-secret-keys in the namespace of the QuayRegistry resource. - 

      $ oc get secret -n <quay-namespace> <quay-registry-name>-quay-registry-managed-secret-keys -o yaml > managed-secret-keys.yaml

    5. - Edit the resulting managed-secret-keys.yaml file and remove the entry metadata.ownerReferences. Your managed-secret-keys.yaml file should look similar to the following: + If you are running a version older than Red Hat Quay 3.7.0, this step can be skipped. Some secrets are automatically generated while deploying Red Hat Quay for the first time. These are stored in a secret called <quay_registry_name>-quay_registry_managed_secret_keys in the namespace of the QuayRegistry resource. + 

    $ oc get secret -n <quay_namespace> <quay_registry_name>_quay_registry_managed_secret_keys -o yaml > managed_secret_keys.yaml

  • + Edit the resulting managed_secret_keys.yaml file and remove the entry metadata.ownerReferences. Your managed_secret_keys.yaml file should look similar to the following: 

    apiVersion: v1
 kind: Secret
 type: Opaque
 metadata:
-  name: <quayname>-quay-registry-managed-secret-keys
-  namespace: <quay-namespace>
+  name: <quayname>_quay_registry_managed_secret_keys
+  namespace: <quay_namespace>
 data:
   CONFIG_EDITOR_PW: <redacted>
   DATABASE_SECRET_KEY: <redacted>
@@ -3153,9 +3153,9 @@
 							All information under the data property should remain the same.

  • Redirect the current Quay configuration file by entering the following command: - 

    $ oc get secret -n <quay-namespace>  $(oc get quayregistry <quay-registry-name> -n <quay-namespace>  -o jsonpath='{.spec.configBundleSecret}') -o yaml > config-bundle.yaml

  • + 

    $ oc get secret -n <quay-namespace>  $(oc get quayregistry <quay_registry_name> -n <quay_namespace>  -o jsonpath='{.spec.configBundleSecret}') -o yaml > config-bundle.yaml

  • Backup the /conf/stack/config.yaml file mounted inside of the Quay pods: - 

    $ oc exec -it quay-pod-name -- cat /conf/stack/config.yaml > quay-config.yaml

    • 15.1.2. Scaling down your Red Hat Quay deployment

    + 

    $ oc exec -it quay_pod_name -- cat /conf/stack/config.yaml > quay_config.yaml

    15.1.2. Scaling down your Red Hat Quay deployment

    Use the following procedure to scale down your Red Hat Quay deployment.

    Important

    This step is needed to create a consistent backup of the state of your Red Hat Quay deployment. Do not omit this step, including in setups where PostgreSQL databases and/or S3-compatible object storage are provided by external services (unmanaged by the Red Hat Quay Operator). @@ -3193,7 +3193,7 @@ For Operator version 3.6 and earlier: Scale down the Red Hat Quay deployment by scaling down the Red Hat Quay Operator first and then the managed Red Hat Quay resources: 

    $ oc scale --replicas=0 deployment $(oc get deployment -n <quay-operator-namespace>|awk '/^quay-operator/ {print $1}') -n <quay-operator-namespace>
    $ oc scale --replicas=0 deployment $(oc get deployment -n <quay-namespace>|awk '/quay-app/ {print $1}') -n <quay-namespace>
    $ oc scale --replicas=0 deployment $(oc get deployment -n <quay-namespace>|awk '/quay-mirror/ {print $1}') -n <quay-namespace>
    $ oc scale --replicas=0 deployment $(oc get deployment -n <quay-namespace>|awk '/clair-app/ {print $1}') -n <quay-namespace>

  • Wait for the registry-quay-app, registry-quay-mirror and registry-clair-app pods (depending on which components you set to be managed by the Red Hat Quay Operator) to disappear. You can check their status by running the following command: - 

    $ oc get pods -n <quay-namespace>

    + 

    $ oc get pods -n <quay_namespace>

    Example output: 

    $ oc get pod

    Example output

    @@ -3209,11 +3209,11 @@ If your Red Hat Quay deployment is configured with external, or unmanged, PostgreSQL database(s), refer to your vendor’s documentation on how to create a consistent backup of these databases.

    • Procedure

    1. Identify the Quay PostgreSQL pod name: - 

      $ oc get pod -l quay-component=postgres -n <quay-namespace> -o jsonpath='{.items[0].metadata.name}'

      + 

      $ oc get pod -l quay-component=postgres -n <quay_namespace> -o jsonpath='{.items[0].metadata.name}'

      Example output: 

      quayregistry-quay-database-59f54bb7-58xs7

    2. Obtain the Quay database name: - 

      $ oc -n <quay-namespace> rsh $(oc get pod -l app=quay -o NAME -n <quay-namespace> |head -n 1) cat /conf/stack/config.yaml|awk -F"/" '/^DB_URI/ {print $4}'
+						
      $ oc -n <quay_namespace> rsh $(oc get pod -l app=quay -o NAME -n <quay_namespace> |head -n 1) cat /conf/stack/config.yaml|awk -F"/" '/^DB_URI/ {print $4}'
 quayregistry-quay-database

    3. Download a backup database: 

      $ oc exec quayregistry-quay-database-59f54bb7-58xs7 -- /usr/bin/pg_dump -C quayregistry-quay-database  > backup.sql

    15.1.3.1. Backing up the Red Hat Quay managed object storage

    @@ -3260,9 +3260,9 @@ Replica overrides are removed again to scale the Quay components back up

  • For Operator version 3.6 and earlier: Scale up the Red Hat Quay deployment by scaling up the Red Hat Quay Operator again: - 

    $ oc scale --replicas=1 deployment $(oc get deployment -n <quay-operator-namespace> | awk '/^quay-operator/ {print $1}') -n <quay-operator-namespace>

  • + 

    $ oc scale --replicas=1 deployment $(oc get deployment -n <quay_operator_namespace> | awk '/^quay-operator/ {print $1}') -n <quay_operator_namespace>

  • Check the status of the Red Hat Quay deployment by entering the following command: - 

    $ oc wait quayregistry registry --for=condition=Available=true -n <quay-namespace>

    + 

    $ oc wait quayregistry registry --for=condition=Available=true -n <quay_namespace>

    Example output: 

    apiVersion: quay.redhat.com/v1
 kind: QuayRegistry
@@ -3729,87 +3729,87 @@
 			As a Red Hat Quay administrator, you can configure Open Container Initiative (OCI) artifact types and other experimental artifact types through the FEATURE_GENERAL_OCI_SUPPORT, ALLOWED_OCI_ARTIFACT_TYPES, and IGNORE_UNKNOWN_MEDIATYPES configuration fields.
 		
    
 			The following Open Container Initiative (OCI) artifact types are built into Red Hat Quay by default and are enabled through the FEATURE_GENERAL_OCI_SUPPORT configuration field:
-		
    FieldMedia TypeSupported content types
    
+		
    FieldMedia TypeSupported content types
    
 						
    
 							Helm
 						
    
-						    		
+						
 						
    
 							application/vnd.cncf.helm.config.v1+json
 						
    
-						    		
+						
 						
    
 							application/tar+gzip, application/vnd.cncf.helm.chart.content.v1.tar+gzip
 						
    
-						
    
+						
    
 						
    
 							Cosign
 						
    
-						    		
+						
 						
    
 							application/vnd.oci.image.config.v1+json
 						
    
-						    		
+						
 						
    
 							application/vnd.dev.cosign.simplesigning.v1+json, application/vnd.dsse.envelope.v1+json
 						
    
-						
    
+						
    
 						
    
 							SPDX
 						
    
-						    		
+						
 						
    
 							application/vnd.oci.image.config.v1+json
 						
    
-						    		
+						
 						
    
 							text/spdx, text/spdx+xml, text/spdx+json
 						
    
-						
    
+						
    
 						
    
 							Syft
 						
    
-						    		
+						
 						
    
 							application/vnd.oci.image.config.v1+json
 						
    
-						    		
+						
 						
    
 							application/vnd.syft+json
 						
    
-						
    
+						
    
 						
    
 							CycloneDX
 						
    
-						    		
+						
 						
    
 							application/vnd.oci.image.config.v1+json
 						
    
-						    		
+						
 						
    
 							application/vnd.cyclonedx, application/vnd.cyclonedx+xml, application/vnd.cyclonedx+json
 						
    
-						
    
+						
    
 						
    
 							In-toto
 						
    
-						    		
+						
 						
    
 							application/vnd.oci.image.config.v1+json
 						
    
-						    		
+						
 						
    
 							application/vnd.in-toto+json
 						
    
-						
    
+						
    
 						
    
 							Unknown
 						
    
-						    		
+						
 						
    
 							application/vnd.cncf.openpolicyagent.policy.layer.v1+rego
 						
    
-						    		
+						
 						
    
 							application/vnd.cncf.openpolicyagent.policy.layer.v1+rego, application/vnd.cncf.openpolicyagent.data.layer.v1+json
 						
    
@@ -3891,99 +3891,99 @@
 						The UploadedBlob table in the Red Hat Quay metrics tracks the various blobs that are associated with a repository. When a blob is uploaded, it will not be garbage collected before the time designated by the PUSH_TEMP_TAG_EXPIRATION_SEC parameter. This is to avoid prematurely deleting blobs that are part of an ongoing push. For example, if garbage collection is set to run often, and a tag is deleted in the span of less than one hour, then it is possible that the associated blobs will not get cleaned up immediately. Instead, and assuming that the time designated by the PUSH_TEMP_TAG_EXPIRATION_SEC parameter has passed, the associated blobs will be removed the next time garbage collection runs on that same repository.
 					
    19.2. Garbage collection configuration fields
    
 				The following configuration fields are available to customize what is garbage collected, and the frequency at which garbage collection occurs:
-			
    NameDescriptionSchema
    
+			
    NameDescriptionSchema
    
 							
    
 								FEATURE_GARBAGE_COLLECTION
 							
    
-							    		
+							
 							
    
 								Whether garbage collection is enabled for image tags. Defaults to true.
 							
    
-							    		
+							
 							
    
 								Boolean
 							
    
-							
    
+							
    
 							
    
 								FEATURE_NAMESPACE_GARBAGE_COLLECTION
 							
    
-							    		
+							
 							
    
 								Whether garbage collection is enabled for namespaces. Defaults to true.
 							
    
-							    		
+							
 							
    
 								Boolean
 							
    
-							
    
+							
    
 							
    
 								FEATURE_REPOSITORY_GARBAGE_COLLECTION
 							
    
-							    		
+							
 							
    
 								Whether garbage collection is enabled for repositories. Defaults to true.
 							
    
-							    		
+							
 							
    
 								Boolean
 							
    
-							
    
+							
    
 							
    
 								GARBAGE_COLLECTION_FREQUENCY
 							
    
-							    		
+							
 							
    
 								The frequency, in seconds, at which the garbage collection worker runs. Affects only garbage collection workers. Defaults to 30 seconds.
 							
    
-							    		
+							
 							
    
 								String
 							
    
-							
    
+							
    
 							
    
 								PUSH_TEMP_TAG_EXPIRATION_SEC
 							
    
-							    		
+							
 							
    
 								The number of seconds that blobs will not be garbage collected after being uploaded. This feature prevents garbage collection from cleaning up blobs that are not referenced yet, but still used as part of an ongoing push.
 							
    
-							    		
+							
 							
    
 								String
 							
    
-							
    
+							
    
 							
    
 								TAG_EXPIRATION_OPTIONS
 							
    
-							    		
+							
 							
    
 								List of valid tag expiration values.
 							
    
-							    		
+							
 							
    
 								String
 							
    
-							
    
+							
    
 							
    
 								DEFAULT_TAG_EXPIRATION
 							
    
-							    		
+							
 							
    
 								Tag expiration time for time machine.
 							
    
-							    		
+							
 							
    
 								String
 							
    
-							
    
+							
    
 							
    
 								CLEAN_BLOB_UPLOAD_FOLDER
 							
    
-							    		
+							
 							
    
 								Automatically cleans stale blobs left over from an S3 multipart upload. By default, blob files older than two days are cleaned up every hour.
 							
    
-							    		
+							
 							
    
 								Boolean
 							
    
@@ -4014,35 +4014,35 @@
 						Example output:
 					
    gunicorn-web stdout | 2022-11-14 19:23:44,574 [233] [INFO] [gunicorn.access] 192.168.0.38 - - [14/Nov/2022:19:23:44 +0000] "DELETE /api/v1/repository/quayadmin/busybox/tag/test HTTP/1.0" 204 0 "http://quay-server.example.com/repository/quayadmin/busybox?tab=tags" "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
    19.6. Red Hat Quay garbage collection metrics
    
 				The following metrics show how many resources have been removed by garbage collection. These metrics show how many times the garbage collection workers have run and how many namespaces, repositories, and blobs were removed.
-			
    Metric nameDescription
    
+			
    Metric nameDescription
    
 							
    
 								quay_gc_iterations_total
 							
    
-							    		
+							
 							
    
 								Number of iterations by the GCWorker
 							
    
-							
    
+							
    
 							
    
 								quay_gc_namespaces_purged_total
 							
    
-							    		
+							
 							
    
 								Number of namespaces purged by the NamespaceGCWorker
 							
    
-							
    
+							
    
 							
    
 								quay_gc_repos_purged_total
 							
    
-							    		
+							
 							
    
 								Number of repositories purged by the RepositoryGCWorker or NamespaceGCWorker
 							
    
-							
    
+							
    
 							
    
 								quay_gc_storage_blobs_deleted_total
 							
    
-							    		
+							
 							
    
 								Number of storage blobs deleted
 							
    
@@ -4324,58 +4324,58 @@
 					
    
 						Red Hat Quay v2 UI toggle
 					
    Chapter 21. Performing health checks on Red Hat Quay deployments
    
-			Health check mechanisms are designed to assess the health and functionality of a system, service, or component. Health checks help ensure that everything is working correctly, and can be used to identify potential issues before they become critical problems. By monitoring the health of a system, Red Hat Quay administrators can address abnormalities or potential failures, helping to reduce the likelihood of encountering troubleshooting scenarios.
+			Health check mechanisms are designed to assess the health and functionality of a system, service, or component. Health checks help ensure that everything is working correctly, and can be used to identify potential issues before they become critical problems. By monitoring the health of a system, Red Hat Quay administrators can address abnormalities or potential failures for things like geo-replication deployments, Operator deployments, standalone Red Hat Quay deployments, object storage issues, and so on. Performing health checks can also help reduce the likelihood of encountering troubleshooting scenarios.
 		
    
 			Health check mechanisms can play a role in diagnosing issues by providing valuable information about the system’s current state. By comparing health check results with expected benchmarks or predefined thresholds, deviations or anomalies can be identified quicker.
 		
    21.1. Red Hat Quay health check endpoints
    Important
    
 					Links contained herein to any external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or its entities, products, or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.
 				
    
 				Red Hat Quay has several health check endpoints. The following table shows you the health check, a description, an endpoint, and an example output.
-			
    Table 21.1. Health check endpoints
    Health checkDescriptionEndpointExample output
    
+			
    Table 21.1. Health check endpoints
    Health checkDescriptionEndpointExample output
    
 							
    
 								instance
 							
    
-							    		
+							
 							
    
 								The instance endpoint acquires the entire status of the specific Red Hat Quay instance. Returns a dict with key-value pairs for the following: auth, database, disk_space, registry_gunicorn, service_key, and web_gunicorn. Returns a number indicating the health check response of either 200, which indicates that the instance is healthy, or 503, which indicates an issue with your deployment.
 							
    
-							    		
+							
 							
    
 								https://{quay-ip-endpoint}/health/instance or https://{quay-ip-endpoint}/health
 							
    
-							    		
+							
 							
    
 								{"data":{"services":{"auth":true,"database":true,"disk_space":true,"registry_gunicorn":true,"service_key":true,"web_gunicorn":true}},"status_code":200}
 							
    
-							
    
+							
    
 							
    
 								endtoend
 							
    
-							    		
+							
 							
    
 								The endtoend endpoint conducts checks on all services of your Red Hat Quay instance. Returns a dict with key-value pairs for the following: auth, database, redis, storage. Returns a number indicating the health check response of either 200, which indicates that the instance is healthy, or 503, which indicates an issue with your deployment.
 							
    
-							    		
+							
 							
    
 								https://{quay-ip-endpoint}/health/endtoend
 							
    
-							    		
+							
 							
    
 								{"data":{"services":{"auth":true,"database":true,"redis":true,"storage":true}},"status_code":200}
 							
    
-							
    
+							
    
 							
    
 								warning
 							
    
-							    		
+							
 							
    
 								The warning endpoint conducts a check on the warnings. Returns a dict with key-value pairs for the following: disk_space_warning. Returns a number indicating the health check response of either 200, which indicates that the instance is healthy, or 503, which indicates an issue with your deployment.
 							
    
-							    		
+							
 							
    
 								https://{quay-ip-endpoint}/health/warning
 							
    
-							    		
+							
 							
    
 								{"data":{"services":{"disk_space_warning":true}},"status_code":503}
 							
    
@@ -4413,7 +4413,7 @@
 			Most Red Hat Quay configuration information is stored in the config.yaml file that is created using the browser-based config tool when Red Hat Quay is first deployed.
 		
    
 			The configuration options are described in the Red Hat Quay Configuration Guide.
-		
    Additional resources
    Legal Notice
    
+		
    Additional resources
    Legal Notice
    
 		Copyright © 2023 Red Hat, Inc.
 	
    
 		The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
diff --git a/master/release_notes/index.html b/master/release_notes/index.html
index 7f32a98ed..c5099f01a 100644
--- a/master/release_notes/index.html
+++ b/master/release_notes/index.html
@@ -1,8 +1,8 @@
 
 
-Red Hat Quay Release Notes        
         
 
    Red Hat Quay 3.9
    Red Hat Quay Release Notes
    Red Hat Quay
    Red Hat OpenShift Documentation Team
    Abstract
    
+Red Hat Quay Release Notes        
         
 
    Preface
    
 			Red Hat Quay container registry platform provides secure storage, distribution, and governance of containers and cloud-native artifacts on any infrastructure. It is available as a standalone component or as an Operator on OpenShift Container Platform. Red Hat Quay includes the following features and benefits:
 		
    • 
 					Granular security management
@@ -128,311 +128,311 @@
 				New features have been added to Red Hat Quay, some of which are currently in Technology Preview. Technology Preview features are experimental features and are not intended for production use.
 			
      
 				Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in Red Hat Quay, but is planned for removal in a future release and is not recommended for new deployments. For the most recent list of deprecated and removed functionality in Red Hat Quay, refer to Table 1.1. Additional details for more fine-grained functionality that has been deprecated and removed are listed after the table.
-			
      Table 1.1. Technology Preview tracker
      FeatureQuay 3.9Quay 3.8Quay 3.7
      
+			
      Table 1.1. Technology Preview tracker
      FeatureQuay 3.9Quay 3.8Quay 3.7
      
 							
      
 								link:Single site geo-replication removal
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								-
 							
      
-							      		
+							
 							
      
 								-
 							
      
-							
      
+							
      
 							
      
 								Splunk log forwarding
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								-
 							
      
-							      		
+							
 							
      
 								-
 							
      
-							
      
+							
      
 							
      
 								link:Nutanix Object Storage
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								-
 							
      
-							      		
+							
 							
      
 								-
 							
      
-							
      
+							
      
 							
      
 								Docker v1 support
 							
      
-							      		
+							
 							
      
 								Deprecated
 							
      
-							      		
+							
 							
      
 								Deprecated
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							
      
+							
      
 							
      
 								FEATURE_UI_V2
 							
      
-							      		
+							
 							
      
 								Technology Preview
 							
      
-							      		
+							
 							
      
 								Technology Preview
 							
      
-							      		
+							
 							
      
 								-
 							
      
-							
      
+							
      
 							
      
 								FEATURE_LISTEN_IP_VERSION
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								-
 							
      
-							
      
+							
      
 							
      
 								LDAP_SUPERUSER_FILTER
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								-
 							
      
-							
      
+							
      
 							
      
 								LDAP_RESTRICTED_USER_FILTER
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								-
 							
      
-							
      
+							
      
 							
      
 								FEATURE_SUPERUSERS_FULL_ACCESS
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								-
 							
      
-							
      
+							
      
 							
      
 								GLOBAL_READONLY_SUPER_USERS
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								-
 							
      
-							
      
+							
      
 							
      
 								FEATURE_RESTRICTED_USERS
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								-
 							
      
-							
      
+							
      
 							
      
 								RESTRICTED_USERS_WHITELIST
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								-
 							
      
-							
      
+							
      
 							
      
 								Quota management and enforcement
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							
      
+							
      
 							
      
 								Red Hat Quay build enhancements
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							
      
+							
      
 							
      
 								Red Hat Quay as proxy cache for upstream registries
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								Technology Preview
 							
      
-							
      
+							
      
 							
      
 								Geo-replication - Red Hat Quay Operator
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							
      
+							
      
 							
      
 								Advanced Clair configuration
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							
      
+							
      
 							
      
 								Support for Microsoft Azure Government (MAG)
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							      		
+							
 							
      
 								General Availability
 							
      
-							
      
+							
      
 							
      
 								Java scanning with Clair
 							
      
-							      		
+							
 							
      
 								Technology Preview
 							
      
-							      		
+							
 							
      
 								Technology Preview
 							
      
-							      		
+							
 							
      
 								Technology Preview
 							
      
-							
      1.7.1. Deprecated features
      Legal Notice
      
+							
      1.7.1. Deprecated features
    Legal Notice
    
 		Copyright © 2023 Red Hat, Inc.
 	
    
 		The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
diff --git a/master/upgrade_quay/index.html b/master/upgrade_quay/index.html
index c0ae3f686..e1f9e4e03 100644
--- a/master/upgrade_quay/index.html
+++ b/master/upgrade_quay/index.html
@@ -1,6 +1,6 @@
 
 
-Upgrade Red Hat Quay        
         
 
    Red Hat Quay 3.9
    Upgrade Red Hat Quay
    Upgrade Red Hat Quay
    Red Hat OpenShift Documentation Team
    Abstract
    
+Upgrade Red Hat Quay        
         
 
    Red Hat Quay 3.9
    Upgrade Red Hat Quay
    Upgrade Red Hat Quay
    Red Hat OpenShift Documentation Team
    Abstract
    
 				Upgrade Red Hat Quay
 			
    Chapter 1. Upgrade overview
    
 			The upgrade procedure for Red Hat Quay depends on the type of installation you are using.
@@ -673,7 +673,7 @@
 			Red Hat Quay only supports rolling back, or downgrading, to previous z-stream versions, for example, 3.7.2 → 3.7.1. Rolling back to previous y-stream versions (3.7.0 → 3.6.0) is not supported. This is because Red Hat Quay updates might contain database schema upgrades that are applied when upgrading to a new version of Red Hat Quay. Database schema upgrades are not considered backwards compatible.
 		
    Important
    
 				Downgrading to previous z-streams is neither recommended nor supported by either Operator based deployments or virtual machine based deployments. Downgrading should only be done in extreme circumstances. The decision to rollback your Red Hat Quay deployment must be made in conjunction with the Red Hat Quay support and development teams. For more information, contact Red Hat Quay support.
-			
    Legal Notice
    
+			
    Legal Notice
    
 		Copyright © 2023 Red Hat, Inc.
 	
    
 		The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
diff --git a/master/use_quay/index.html b/master/use_quay/index.html
index 38f8dd850..a26e6ed76 100644
--- a/master/use_quay/index.html
+++ b/master/use_quay/index.html
@@ -1,8 +1,8 @@
 
 
-Use Red Hat Quay        
         
 
    Red Hat Quay 3.9
    Use Red Hat Quay
    Use Red Hat Quay
    Red Hat OpenShift Documentation Team
    Abstract
    
+Use Red Hat Quay        
         
 
    Red Hat Quay 3.9
    Use Red Hat Quay
    Use Red Hat Quay
    Red Hat OpenShift Documentation Team
    Abstract
    
 				Learn to use Red Hat Quay
-			
    Preface
    
+			
    Preface
    
 			Red Hat Quay container image registries let you store container images in a central location. As a regular user of a Red Hat Quay registry, you can create repositories to organize your images and selectively add read (pull) and write (push) access to the repositories you control. A user with administrative privileges can perform a broader set of tasks, such as the ability to add users and control default settings.
 		
    
 			This guide assumes you have a Red Hat Quay deployed and are ready to start setting it up and using it.
@@ -42,7 +42,21 @@
 						Add the new password and verify it, then select the Change User Password button.
 					
    
 				The new user can now use that username and password to log in via the web ui or through some container client.
-			
    1.3. Creating organization accounts
    
+			
    1.3. Deleting a Red Hat Quay user from the command line
    
+				When accessing the Users tab in the Superuser Admin panel of the Red Hat Quay UI, you might encounter a situation where no users are listed. Instead, a message appears, indicating that Red Hat Quay is configured to use external authentication, and users can only be created in that system.
+			
    
+				This error occurs for one of two reasons:
+			
    • 
+						The web UI times out when loading users. When this happens, users are not accessible to perform any operations on.
+					
    • 
+						On LDAP authentication. When a userID is changed but the associated email is not. Currently, Red Hat Quay does not allow the creation of a new user with an old email address.
+					
    
+				Use the following procedure to delete a user from Red Hat Quay when facing this issue.
+			
    Procedure
    • 
+						Enter the following curl command to delete a user from the command line:
+					
      $ curl -X DELETE -H "Authorization: Bearer <insert token here>" https://<quay_hostname>/api/v1/superuser/users/<name_of_user>
      Note
      
+							After deleting the user, any repositories that this user had in his private account become unavailable.
+						
    1.4. Creating organization accounts
    
 				Any user can create their own organization to share repositories of container images. To create a new organization:
 			
    1. 
 						While logged in as any user, select the plus sign (+) from the upper right corner of the home page and choose New Organization.
@@ -1208,113 +1222,113 @@
 				Quota management helps organizations to maintain resource consumption. One limitation of quota management is that calculating resource consumption on push results in the calculation becoming part of the push’s critical path. Without this, usage data might drift.
 			
      
 				The maximum storage quota size is dependent on the selected database:
-			
      Table 14.1. Worker count environment variables
      VariableDescription
      
+			
      Table 14.1. Worker count environment variables
      VariableDescription
      
 							
      
 								Postgres
 							
      
-							      		
+							
 							
      
 								8388608 TB
 							
      
-							
      
+							
      
 							
      
 								MySQL
 							
      
-							      		
+							
 							
      
 								8388608 TB
 							
      
-							
      
+							
      
 							
      
 								SQL Server
 							
      
-							      		
+							
 							
      
 								16777216 TB
 							
      
-							
      14.3. Quota management configuration fields
      Table 14.2. Quota management configuration
      FieldTypeDescription
      
+							
      14.3. Quota management configuration fields
      Table 14.2. Quota management configuration
      FieldTypeDescription
      
 							
      
 								FEATURE_QUOTA_MANAGEMENT
 							
      
-							      		
+							
 							
      
 								Boolean
 							
      
-							      		
+							
 							
      
 								Enables configuration, caching, and validation for quota management feature.
 							
      
 							
 
      **Default:** `False`
      
-							
      
+							
      
 							
      
 								DEFAULT_SYSTEM_REJECT_QUOTA_BYTES
 							
      
-							      		
+							
 							
      
 								String
 							
      
-							      		
+							
 							
      
 								Enables system default quota reject byte allowance for all organizations.
 							
      
 							
      
 								By default, no limit is set.
 							
      
-							
      
+							
      
 							
      
 								QUOTA_BACKFILL
 							
      
-							      		
+							
 							
      
 								Boolean
 							
      
-							      		
+							
 							
      
 								Enables the quota backfill worker to calculate the size of pre-existing blobs.
 							
      
 							
      
 								Default: True
 							
      
-							
      
+							
      
 							
      
 								QUOTA_TOTAL_DELAY_SECONDS
 							
      
-							      		
+							
 							
      
 								String
 							
      
-							      		
+							
 							
      
 								The time delay for starting the quota backfill. Rolling deployments can cause incorrect totals. This field must be set to a time longer than it takes for the rolling deployment to complete.
 							
      
 							
      
 								Default: 1800
 							
      
-							
      
+							
      
 							
      
 								PERMANENTLY_DELETE_TAGS
 							
      
-							      		
+							
 							
      
 								Boolean
 							
      
-							      		
+							
 							
      
 								Enables functionality related to the removal of tags from the time machine window.
 							
      
 							
      
 								Default: False
 							
      
-							
      
+							
      
 							
      
 								RESET_CHILD_MANIFEST_EXPIRATION
 							
      
-							      		
+							
 							
      
 								Boolean
 							
      
-							      		
+							
 							
      
 								Resets the expirations of temporary tags targeting the child manifests. With this feature set to True, child manifests are immediately garbage collected.
 							
      
@@ -2692,7 +2706,7 @@
   -H "Authorization: Bearer ${bearer_token}"
   -H "Content-Type: application/json"
   --data '{"is_enabled": true, "external_reference": "quay.io/minio/mc", "external_registry_username": "username", "external_registry_password": "password", "external_registry_config": {"unsigned_images":true, "verify_tls": false, "proxy": {"http_proxy": "http://proxy.tld", "https_proxy": "https://proxy.tld", "no_proxy": "domain"}}, "sync_interval": 600, "sync_start_date": "2021-08-06T11:11:39Z", "root_rule": {"rule_kind": "tag_glob_csv", "rule_value": [ "*" ]}, "robot_username": "orga+robot"}' https://${quay_registry}/api/v1/repository/${orga}/${repo}/mirror | jq
-					
      Legal Notice
      
+					
      Legal Notice
      
 		Copyright © 2023 Red Hat, Inc.
 	
      
 		The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.