1.4. 从命令行访问 Red Hat Quay API
您可以通过 Red Hat Quay 集群的 API 使用 curl 命令 GET、PUT、POST 或 DELETE 设置。将 <token> 替换为之前创建的 OAuth 访问令牌,以便在以下示例中获取或更改设置。
1.4.1. 获取超级用户信息
$ curl -X GET -H "Authorization: Bearer <token_here>" \
"https://<yourquayhost>/api/v1/superuser/users/"例如:
$ curl -X GET -H "Authorization: Bearer mFCdgS7SAIoMcnTsHCGx23vcNsTgziAa4CmmHIsg" http://quay-server:8080/api/v1/superuser/users/ | jq
{
"users": [
{
"kind": "user",
"name": "quayadmin",
"username": "quayadmin",
"email": "quayadmin@example.com",
"verified": true,
"avatar": {
"name": "quayadmin",
"hash": "357a20e8c56e69d6f9734d23ef9517e8",
"color": "#5254a3",
"kind": "user"
},
"super_user": true,
"enabled": true
}
]
}1.4.2. 使用 API 创建超级用户
配置超级用户名称,如 Deploy Quay 书中所述:
- 使用配置编辑器 UI 或
-
使用配置 API 验证(并下载)更新的配置捆绑包,直接编辑
config.yaml文件
为超级用户名称创建用户帐户:
获取上述授权令牌,并使用
curl创建用户:$ curl -H "Content-Type: application/json" -H "Authorization: Bearer Fava2kV9C92p1eXnMawBZx9vTqVnksvwNm0ckFKZ" -X POST --data '{ "username": "quaysuper", "email": "quaysuper@example.com" }' http://quay-server:8080/api/v1/superuser/users/ | jq返回的内容包括为新用户帐户生成的密码:
{ "username": "quaysuper", "email": "quaysuper@example.com", "password": "EH67NB3Y6PTBED8H0HC6UVHGGGA3ODSE", "encrypted_password": "fn37AZAUQH0PTsU+vlO9lS0QxPW9A/boXL4ovZjIFtlUPrBz9i4j9UDOqMjuxQ/0HTfy38goKEpG8zYXVeQh3lOFzuOjSvKic2Vq7xdtQsU=" }
现在,当您请求用户列表时,它将以超级用户身份显示 quaysuper :
$ curl -X GET -H "Authorization: Bearer mFCdgS7SAIoMcnTsHCGx23vcNsTgziAa4CmmHIsg" http://quay-server:8080/api/v1/superuser/users/ | jq
{
"users": [
{
"kind": "user",
"name": "quayadmin",
"username": "quayadmin",
"email": "quayadmin@example.com",
"verified": true,
"avatar": {
"name": "quayadmin",
"hash": "357a20e8c56e69d6f9734d23ef9517e8",
"color": "#5254a3",
"kind": "user"
},
"super_user": true,
"enabled": true
},
{
"kind": "user",
"name": "quaysuper",
"username": "quaysuper",
"email": "quaysuper@example.com",
"verified": true,
"avatar": {
"name": "quaysuper",
"hash": "c0e0f155afcef68e58a42243b153df08",
"color": "#969696",
"kind": "user"
},
"super_user": true,
"enabled": true
}
]
}1.4.3. 列出使用日志
可以使用 intrnal API /api/v1/superuser/logs 列出当前系统的使用日志。结果会被分页,在以下示例中,创建了超过 20 个仓库来显示如何使用多个调用来访问整个结果集。
1.4.3.1. 分页示例
第一次调用
$ curl -X GET -k -H "Authorization: Bearer qz9NZ2Np1f55CSZ3RVOvxjeUdkzYuCp0pKggABCD" https://example-registry-quay-quay-enterprise.apps.example.com/api/v1/superuser/logs | jq
初始输出
{
"start_time": "Sun, 12 Dec 2021 11:41:55 -0000",
"end_time": "Tue, 14 Dec 2021 11:41:55 -0000",
"logs": [
{
"kind": "create_repo",
"metadata": {
"repo": "t21",
"namespace": "namespace1"
},
"ip": "10.131.0.13",
"datetime": "Mon, 13 Dec 2021 11:41:16 -0000",
"performer": {
"kind": "user",
"name": "user1",
"is_robot": false,
"avatar": {
"name": "user1",
"hash": "5d40b245471708144de9760f2f18113d75aa2488ec82e12435b9de34a6565f73",
"color": "#ad494a",
"kind": "user"
}
},
"namespace": {
"kind": "org",
"name": "namespace1",
"avatar": {
"name": "namespace1",
"hash": "6cf18b5c19217bfc6df0e7d788746ff7e8201a68cba333fca0437e42379b984f",
"color": "#e377c2",
"kind": "org"
}
}
},
{
"kind": "create_repo",
"metadata": {
"repo": "t20",
"namespace": "namespace1"
},
"ip": "10.131.0.13",
"datetime": "Mon, 13 Dec 2021 11:41:05 -0000",
"performer": {
"kind": "user",
"name": "user1",
"is_robot": false,
"avatar": {
"name": "user1",
"hash": "5d40b245471708144de9760f2f18113d75aa2488ec82e12435b9de34a6565f73",
"color": "#ad494a",
"kind": "user"
}
},
"namespace": {
"kind": "org",
"name": "namespace1",
"avatar": {
"name": "namespace1",
"hash": "6cf18b5c19217bfc6df0e7d788746ff7e8201a68cba333fca0437e42379b984f",
"color": "#e377c2",
"kind": "org"
}
}
},
...
{
"kind": "create_repo",
"metadata": {
"repo": "t2",
"namespace": "namespace1"
},
"ip": "10.131.0.13",
"datetime": "Mon, 13 Dec 2021 11:25:17 -0000",
"performer": {
"kind": "user",
"name": "user1",
"is_robot": false,
"avatar": {
"name": "user1",
"hash": "5d40b245471708144de9760f2f18113d75aa2488ec82e12435b9de34a6565f73",
"color": "#ad494a",
"kind": "user"
}
},
"namespace": {
"kind": "org",
"name": "namespace1",
"avatar": {
"name": "namespace1",
"hash": "6cf18b5c19217bfc6df0e7d788746ff7e8201a68cba333fca0437e42379b984f",
"color": "#e377c2",
"kind": "org"
}
}
}
],
"next_page": "gAAAAABhtzGDsH38x7pjWhD8MJq1_2FAgqUw2X9S2LoCLNPH65QJqB4XAU2qAxYb6QqtlcWj9eI6DUiMN_q3e3I0agCvB2VPQ8rY75WeaiUzM3rQlMc4i6ElR78t8oUxVfNp1RMPIRQYYZyXP9h6E8LZZhqTMs0S-SedaQJ3kVFtkxZqJwHVjgt23Ts2DonVoYwtKgI3bCC5"
}
使用 next_page 进行第二次调用
$ curl -X GET -k -H "Authorization: Bearer qz9NZ2Np1f55CSZ3RVOvxjeUdkzYuCp0pKggABCD" https://example-registry-quay-quay-enterprise.apps.example.com/api/v1/superuser/logs?next_page=gAAAAABhtzGDsH38x7pjWhD8MJq1_2FAgqUw2X9S2LoCLNPH65QJqB4XAU2qAxYb6QqtlcWj9eI6DUiMN_q3e3I0agCvB2VPQ8rY75WeaiUzM3rQlMc4i6ElR78t8oUxVfNp1RMPIRQYYZyXP9h6E8LZZhqTMs0S-SedaQJ3kVFtkxZqJwHVjgt23Ts2DonVoYwtKgI3bCC5 | jq
第二个调用的输出
{
"start_time": "Sun, 12 Dec 2021 11:42:46 -0000",
"end_time": "Tue, 14 Dec 2021 11:42:46 -0000",
"logs": [
{
"kind": "create_repo",
"metadata": {
"repo": "t1",
"namespace": "namespace1"
},
"ip": "10.131.0.13",
"datetime": "Mon, 13 Dec 2021 11:25:07 -0000",
"performer": {
"kind": "user",
"name": "user1",
"is_robot": false,
"avatar": {
"name": "user1",
"hash": "5d40b245471708144de9760f2f18113d75aa2488ec82e12435b9de34a6565f73",
"color": "#ad494a",
"kind": "user"
}
},
"namespace": {
"kind": "org",
"name": "namespace1",
"avatar": {
"name": "namespace1",
"hash": "6cf18b5c19217bfc6df0e7d788746ff7e8201a68cba333fca0437e42379b984f",
"color": "#e377c2",
"kind": "org"
}
}
},
...
]
}
1.4.4. 目录同步
要在机构 testadminorg 中为团队 newteam 启用目录同步,其中 LDAP 中的对应组名称是 ldapgroup :
$ curl -X POST -H "Authorization: Bearer 9rJYBR3v3pXcj5XqIA2XX6Thkwk4gld4TCYLLWDF" \
-H "Content-type: application/json" \
-d '{"group_dn": "cn=ldapgroup,ou=Users"}' \
http://quay1-server:8080/api/v1/organization/testadminorg/team/newteam/syncing为同一团队禁用同步:
$ curl -X DELETE -H "Authorization: Bearer 9rJYBR3v3pXcj5XqIA2XX6Thkwk4gld4TCYLLWDF" \
http://quay1-server:8080/api/v1/organization/testadminorg/team/newteam/syncing1.4.5. 通过 API 创建存储库构建
要从指定的输入构建存储库,并标记带有自定义标签的构建,用户可以使用 requestRepoBuild 端点。它采用以下数据:
{
"docker_tags": [
"string"
],
"pull_robot": "string",
"subdirectory": "string",
"archive_url": "string"
}
archive_url 参数应指向 tar 或 zip 存档,其包含 Dockerfile 和其他构建所需的文件。file_id 参数超出了我们旧的构建系统。它无法再使用。如果 Dockerfile 位于子目录中,则需要指定它。
归档应该可以被公开访问。OAuth 应用应具有"管理员组织"范围,因为只有机构管理员有权访问机器机器的帐户令牌。否则,某人可以通过向机器授予构建访问权限(无需访问其自身)来获得机器人的权限,并使用它来获取镜像内容。如果出现错误,请检查返回的 json 块,并确保正确传递归档位置、拉取机器和其他参数。单击各个构建页面右上角的"下载日志",以检查日志以了解更详细的消息。
1.4.6. 创建机构机器
$ curl -X PUT https://quay.io/api/v1/organization/{orgname}/robots/{robot shortname} \
-H 'Authorization: Bearer <token>''1.4.7. 触发构建
$ curl -X POST https://quay.io/api/v1/repository/YOURORGNAME/YOURREPONAME/build/ \ -H 'Authorization: Bearer <token>'
带有请求的 Python
import requests
r = requests.post('https://quay.io/api/v1/repository/example/example/image', headers={'content-type': 'application/json', 'Authorization': 'Bearer <redacted>'}, data={[<request-body-contents>})
print(r.text)1.4.8. 创建私有存储库
$ curl -X POST https://quay.io/api/v1/repository \
-H 'Authorization: Bearer {token}' \
-H 'Content-Type: application/json' \
-d '{"namespace":"yournamespace", "repository":"yourreponame",
"description":"descriptionofyourrepo", "visibility": "private"}' | jq1.4.9. 创建已镜像的存储库
最小配置
curl -X POST
-H "Authorization: Bearer ${bearer_token}"
-H "Content-Type: application/json"
--data '{"external_reference": "quay.io/minio/mc", "external_registry_username": "", "sync_interval": 600, "sync_start_date": "2021-08-06T11:11:39Z", "root_rule": {"rule_kind": "tag_glob_csv", "rule_value": [ "latest" ]}, "robot_username": "orga+robot"}' https://${quay_registry}/api/v1/repository/${orga}/${repo}/mirror | jq
扩展配置
$ curl -X POST
-H "Authorization: Bearer ${bearer_token}"
-H "Content-Type: application/json"
--data '{"is_enabled": true, "external_reference": "quay.io/minio/mc", "external_registry_username": "username", "external_registry_password": "password", "external_registry_config": {"unsigned_images":true, "verify_tls": false, "proxy": {"http_proxy": "http://proxy.tld", "https_proxy": "https://proxy.tld", "no_proxy": "domain"}}, "sync_interval": 600, "sync_start_date": "2021-08-06T11:11:39Z", "root_rule": {"rule_kind": "tag_glob_csv", "rule_value": [ "*" ]}, "robot_username": "orga+robot"}' https://${quay_registry}/api/v1/repository/${orga}/${repo}/mirror | jq