RBAC definition #13

@tangentsoft

This WG's output is reportedly the gating function on whether Distribution gets an RBAC, and if so, what kind.

I believe the MVC for this is for the server to return a list of allowed roles on login and to block attempted violations of that role set as the API exchanges proceed. The list should mirror the main set of Docker verbs: push, pull, list, rm, rename…

You could simplify that even further by defining two broad sets of roles, possibly called "role groups." The classic division is Dev vs Ops, but it could just as well be called writers vs readers, or full-access vs consumers. CI bots, cluster operators, etc. have no business pushing new container images into the registry, and they must not change any of the content previously there, but they do need the ability to pull the images once logged in. Developers are the only ones who should be able to change the image registry content.
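One way to implement the scheme the post proposes, written here as an added example and not code from the issue author or from the Distribution project: a login step that hands back the principal's allowed verb set, a mapping from Distribution v2 API requests (method plus route) to the verb they exercise, and a deny-by-default check that is run on every subsequent request. The two role groups ("writers" and "readers"), the user names, and the `rename` verb's membership in the writers group are assumptions made for the example; the registry HTTP API has no rename route, so `rename` is never reached by the request mapping.

```go
package main

import (
	"fmt"
	"net/http"
	"regexp"
)

// Verb is one of the registry actions the issue proposes roles should mirror.
type Verb string

const (
	VerbPush   Verb = "push"
	VerbPull   Verb = "pull"
	VerbList   Verb = "list"
	VerbRm     Verb = "rm"
	VerbRename Verb = "rename" // assumed for the example; the v2 API has no rename route
)

// RoleGroups are the two coarse groups the issue sketches: developers who may
// change registry content, and consumers (CI bots, cluster operators) who may only read it.
var RoleGroups = map[string][]Verb{
	"writers": {VerbPush, VerbPull, VerbList, VerbRm, VerbRename},
	"readers": {VerbPull, VerbList},
}

// Session is what the server returns at login: the set of verbs the principal may use.
type Session struct {
	User    string
	Allowed map[Verb]bool
}

// Login resolves a principal's role group to its allowed verb set. Unknown groups are
// rejected rather than silently granted nothing, so misconfiguration surfaces at login.
func Login(user, group string) (*Session, error) {
	verbs, ok := RoleGroups[group]
	if !ok {
		return nil, fmt.Errorf("login %s: unknown role group %q", user, group)
	}
	s := &Session{User: user, Allowed: make(map[Verb]bool, len(verbs))}
	for _, v := range verbs {
		s.Allowed[v] = true
	}
	return s, nil
}

// Route shapes from the Distribution v2 HTTP API.
var (
	manifestRe = regexp.MustCompile(`^/v2/.+/manifests/[^/]+$`)
	blobRe     = regexp.MustCompile(`^/v2/.+/blobs/`)
	tagsRe     = regexp.MustCompile(`^/v2/.+/tags/list$`)
)

// VerbFor maps a registry request to the verb it exercises. Anything it does not
// recognise is an error so that the caller denies instead of falling through.
func VerbFor(method, path string) (Verb, error) {
	switch {
	case path == "/v2/_catalog" || tagsRe.MatchString(path):
		if method == http.MethodGet {
			return VerbList, nil
		}
	case manifestRe.MatchString(path) || blobRe.MatchString(path):
		switch method {
		case http.MethodGet, http.MethodHead:
			return VerbPull, nil
		case http.MethodPut, http.MethodPost, http.MethodPatch:
			return VerbPush, nil
		case http.MethodDelete:
			return VerbRm, nil
		}
	}
	return "", fmt.Errorf("unrecognised registry request %s %s", method, path)
}

// Authorize is the per-request check: the verb set returned at login is enforced
// again on every API exchange, and any verb outside it is refused.
func Authorize(s *Session, method, path string) error {
	v, err := VerbFor(method, path)
	if err != nil {
		return err
	}
	if !s.Allowed[v] {
		return fmt.Errorf("%s: role set does not permit %s (%s %s)", s.User, v, method, path)
	}
	return nil
}

func main() {
	// Constructed sample: a CI bot logged in as a reader tries to pull and then to push.
	ci, _ := Login("ci-bot", "readers")
	for _, req := range [][2]string{{"GET", "/v2/app/manifests/latest"}, {"PUT", "/v2/app/manifests/latest"}} {
		if err := Authorize(ci, req[0], req[1]); err != nil {
			fmt.Println("denied:", err)
		} else {
			fmt.Println("allowed:", req[0], req[1])
		}
	}
}
```

The role set here is global rather than per repository, which matches the post's minimal proposal. Distribution's existing token authentication already expresses per-repository actions as scopes of the form `repository:<name>:pull,push`, so a real implementation would most likely map each role group onto those scopes instead of carrying a separate verb list; the important property either way is the one `Authorize` shows, that the list handed out at login is re-checked on every request rather than trusted once.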
