Avoid Catalog Listing When Filter Can Only Point to One Repo#604
Open
estebanreyl wants to merge 4 commits intoAzure:mainfrom
Open
Avoid Catalog Listing When Filter Can Only Point to One Repo#604estebanreyl wants to merge 4 commits intoAzure:mainfrom
estebanreyl wants to merge 4 commits intoAzure:mainfrom
Conversation
estebanreyl
requested review from
gildardogmsft,
northtyphoon,
sajayantony and
wangxiaoxuan273
as code owners
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Purpose of the PR
This PR adds support for cleaning up repositories without requiring a full repository listing.
This is important in several scenarios:
Large registries: Some customers have a very large number of repositories, making catalog listing slow or impractical. This limitation was previously highlighted in Make the number of repository fetched at once configurable to handle large registries #353, and an earlier attempt to address it was made in PR Do not list repositories if the repository filters are not regexes #354 by @JRBANCEL. That PR has been inactive for some time, so this change revives the core idea in the current codebase.
Restricted permissions (ABAC): In some ABAC setups, users or teams may only have access to a specific repository and intentionally lack catalog listing permissions. Today, that restriction prevents them from running purge cleanup, even though they are otherwise authorized to manage their own repository.
This PR closes that gap by allowing repository cleanup operations to proceed without relying on catalog listing, assuming the caller has the appropriate repository-level permissions. This makes cleanup workflows more scalable and better aligned with least-privilege access models. I also fixed a flaky unit test.