From 73988d1cdc67bc38fb8b985bc38dbb85bec7bd06 Mon Sep 17 00:00:00 2001 From: mbshields Date: Wed, 15 Nov 2023 16:24:08 -0800 Subject: [PATCH] docs: API auth paths changed Signed-off-by: mbshields --- .wordlist.txt | 5 +++++ docs/developer-guide/api-reference.md | 12 ++++++------ docs/developer-guide/api-user-guide.md | 20 ++++++++++---------- 3 files changed, 21 insertions(+), 16 deletions(-) diff --git a/.wordlist.txt b/.wordlist.txt index 6e7b6fc..25ba30d 100644 --- a/.wordlist.txt +++ b/.wordlist.txt @@ -70,6 +70,7 @@ Dockerfile dryRun ExpandedRepoInfo ExtensionList +ExpandedRepoInfo ExternalName Filebeat filesystem @@ -107,6 +108,10 @@ ImageListForDigest ImagesListForCVE ImagesListWithCVEFixed ImageIndex +ImageList +ImageListForDigest +ImagesListForCVE +ImagesListWithCVEFixed ImageManifest ImageTags ImageTrust diff --git a/docs/developer-guide/api-reference.md b/docs/developer-guide/api-reference.md index 14da0bf..10cb7fe 100644 --- a/docs/developer-guide/api-reference.md +++ b/docs/developer-guide/api-reference.md @@ -7,9 +7,9 @@ The information presented here is adapted from the interactive OpenAPI (formerly For instructions and examples of how to use the zot API, see [Using the zot API](../developer-guide/api-user-guide.md). -## /auth/apikey +## /zot/auth/apikey -### DELETE `/auth/apikey` +### DELETE `/zot/auth/apikey` Revokes one current user API key based on given key ID @@ -38,7 +38,7 @@ Revokes one current user API key based on given key ID This operation does not require authentication -### GET `/auth/apikey` +### GET `/zot/auth/apikey` Get list of all API keys for a logged in user @@ -61,7 +61,7 @@ Get list of all API keys for a logged in user This operation does not require authentication -### POST `/auth/apikey` +### POST `/zot/auth/apikey` Can create an api key for a logged in user, based on the provided label and scopes. @@ -102,9 +102,9 @@ Can create an api key for a logged in user, based on the provided label and scop This operation does not require authentication -## `/auth/logout` +## `/zot/auth/logout` -### POST `/auth/logout` +### POST `/zot/auth/logout` Logout by removing current session diff --git a/docs/developer-guide/api-user-guide.md b/docs/developer-guide/api-user-guide.md index 16e28c6..6992f3d 100644 --- a/docs/developer-guide/api-user-guide.md +++ b/docs/developer-guide/api-user-guide.md @@ -47,10 +47,10 @@ For comprehensive details of the API endpoints, see [Viewing the complete zot AP | Endpoint | Actions | Description | Availability | | -------- | ------- | ----------- | -------------| -| /auth/apikey| DELETE, GET, POST | Creates, lists, or deletes API keys | Available when API key authentication is enabled in the configuration file (`"apikey": true`). | -| /auth/login | POST | Opens an API session | Available when authentication is available. This includes not only OpenID, but all session-based authentication. | -| /auth/logout| POST | Ends an API session | Available when authentication is available. This includes not only OpenID, but all session-based authentication. -| /auth/callback/\ | POST | Specifies a social authentication service provider for redirecting logins, such as Google or dex. | Enabled when an OpenID authentication service provider is specified in the configuration file. | +| /zot/auth/apikey| DELETE, GET, POST | Creates, lists, or deletes API keys | Available when API key authentication is enabled in the configuration file (`"apikey": true`). | +| /zot/auth/login | POST | Opens an API session | Available when authentication is available. This includes not only OpenID, but all session-based authentication. | +| /zot/auth/logout| POST | Ends an API session | Available when authentication is available. This includes not only OpenID, but all session-based authentication. +| /zot/auth/callback/\ | POST | Specifies a social authentication service provider for redirecting logins, such as Google or dex. | Enabled when an OpenID authentication service provider is specified in the configuration file. | ### other zot endpoints @@ -113,11 +113,11 @@ To enable the use of API keys, you must set the `apikey` attribute to `true` in Before you can create or revoke an API key, you must first log in using a different authentication mechanism, such as logging in through the zot GUI. When you are logged in, you can create an API key for your identity using the following API command: - POST /auth/apikey + POST /zot/auth/apikey _cURL command example:_ - curl -u user:password -X POST http://localhost:8080/auth/apikey -d '{"label": "myAPIKEY", "scopes": ["repo1", "repo2"], "expirationDate": "2023-08-28T17:10:05+03:00"}' + curl -u user:password -X POST http://localhost:8080/zot/auth/apikey -d '{"label": "myAPIKEY", "scopes": ["repo1", "repo2"], "expirationDate": "2023-08-28T17:10:05+03:00"}' > :pencil2: The scopes and expiration date in this example are optional. By default, an API key has the same permissions as the user who created it. @@ -155,22 +155,22 @@ The API key replaces a password in the API command, as shown in the following cU When logged in, you can revoke your own API key with the following API command: - DELETE /auth/apikey?id=$uuid + DELETE /zot/auth/apikey?id=$uuid _cURL command example:_ - curl -u user:password -X DELETE http://localhost:8080/v2/auth/apikey?id=46a45ce7-5d92-498a-a9cb-9654b1da3da1 + curl -u user:password -X DELETE http://localhost:8080/v2/zot/auth/apikey?id=46a45ce7-5d92-498a-a9cb-9654b1da3da1 #### Listing your current API keys When logged in, you can display a list of your API keys with the following API command: - GET /auth/apikey + GET /zot/auth/apikey _cURL command example:_ - curl -u user:password -X GET http://localhost:8080/auth/apikey + curl -u user:password -X GET http://localhost:8080/zot/auth/apikey _Command output:_