We have (docker) repositories belonging to different teams. We want to group these repo’s to regulate access based on the team. To support this we would need repository grouping or some kind of namespacing. Afaik, such functionality does currently not exist.
Regex privilege would be another option. Currently it is possible to replace name and/or action with a wildcard. For example when we have a repository named “thisistheway” , the privilege could use a wildcard for the action: “nx-repository-view-docker-thisistheway-*” or for example name and action: “nx-repository-view-docker-*-*”. If we would be able to use wildcards inside the repo name, we could add the team there, the privilege would then become: “nx-repository-view-docker-teamA *-*”, but using wildcards inside the name seems also not supported.
Are we missing something or is there another way to achieve this?
Perhaps you could use group repositories to facilitate this. Create one repository per team, then for teams who need access to multiple repositories create a group repository containing required repositories. Just remember that each docker repository that’s supposed to be accessible by Docker client has to have its own HTTP connector (dedicated port).
The problem with group repositories is that the group is acting like a proxy for the underlying repo’s. This works for reading, but not for writing as apparently one of the group is taken as write master. We need all the repo’s in the group to be individually writable. One (imho) very easy solution would be to be able to simply use wildcards inside the repo name of the privilege. With a minimum of naming conventions (having the team name in de repo name for example) could solve it