Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

6.17. 使用 Red Hat Quay API 以超级用户管理部署

通过 Red Hat Quay UI,超级用户能够创建、列出、更改和删除 registry 的各个方面,如用户、服务密钥、用户配额等。

6.17.1. 使用 Red Hat Quay API 创建用户帐户
复制链接

使用 API 为您的 Red Hat Quay 存储库创建新用户。

先决条件

  • 以超级用户身份登录 Red Hat Quay 部署。
  • 您已创建了 OAuth 访问令牌

流程

  1. 输入以下命令使用 POST /api/v1/superuser/users/ 端点来创建新用户: 

    $ curl -X POST -H "Authorization: Bearer <bearer_token>" -H "Content-Type: application/json" -d '{
  "username": "newuser",
  "email": "newuser@example.com"
}' "https://<quay-server.example.com>/api/v1/superuser/users/"
    Copy to Clipboard Toggle word wrap

    输出示例 

    {"username": "newuser", "email": "newuser@example.com", "password": "123456789", "encrypted_password": "<example_encrypted_password>/JKY9pnDcsw="}
    Copy to Clipboard Toggle word wrap

  2. 导航到您的 Red Hat Quay registry 端点,如 quay-server.example.com,并使用从 API 调用生成的用户名和密码登录。在这种情况下,用户名是 newuser,密码则为 123456789。或者,您可以使用 CLI 登录 registry。例如: 

    $ podman login <quay-server.example.com>
    Copy to Clipboard Toggle word wrap

    输出示例

    username: newuser
password: 123456789
    Copy to Clipboard Toggle word wrap

  3. 可选。您可以使用 GET /api/v1/superuser/users/ 端点获取所有用户(包括超级用户)的列表: 

    $ curl -X GET -H "Authorization: Bearer <bearer_token>" "https://<quay-server.example.com>/api/v1/superuser/users/"
    Copy to Clipboard Toggle word wrap
    注意

    如果 config.yaml 文件中设置了 AUTHENTICATION_TYPE: DatabaseGET /api/v1/superuser/users/ 端点才会返回用户和超级用户。它不适用于 LDAP 身份验证类型。

    输出示例 

    {"users": [{"kind": "user", "name": "quayadmin", "username": "quayadmin", "email": "quay@quay.com", "verified": true, "avatar": {"name": "quayadmin", "hash": "b28d563a6dc76b4431fc7b0524bbff6b810387dac86d9303874871839859c7cc", "color": "#17becf", "kind": "user"}, "super_user": true, "enabled": true}, {"kind": "user", "name": "newuser", "username": "newuser", "email": "newuser@example.com", "verified": true, "avatar": {"name": "newuser", "hash": "f338a2c83bfdde84abe2d3348994d70c34185a234cfbf32f9e323e3578e7e771", "color": "#9edae5", "kind": "user"}, "super_user": false, "enabled": true}]}
    Copy to Clipboard Toggle word wrap

6.17.2. 使用 Red Hat Quay API 删除用户
复制链接

使用以下步骤使用 API 从 Red Hat Quay 中删除用户。

重要

删除用户后,此用户位于其专用帐户中的任何存储库都不可用。

先决条件

  • 以超级用户身份登录 Red Hat Quay 部署。
  • 您已创建了 OAuth 访问令牌

流程

  1. 输入以下 DELETE /api/v1/superuser/users/{username} 命令,以从命令行删除用户: 

    $ curl -X DELETE -H "Authorization: Bearer <insert token here>" https://<quay-server.example.com>/api/v1/superuser/users/<username>
    Copy to Clipboard Toggle word wrap

  2. 从 CLI 删除用户时,CLI 不会返回信息。要确认删除操作,您可以通过进入到 Superuser Admin Panel Users 或输入以下 GET /api/v1/superuser/users/ 命令来检查 Red Hat Quay UI。然后您可以检查是否存在它们。

    注意

    如果 config.yaml 文件中设置了 AUTHENTICATION_TYPE: DatabaseGET /api/v1/superuser/users/ 端点才会返回用户和超级用户。它不适用于 LDAP 身份验证类型。 

    $ curl -X GET -H "Authorization: Bearer <bearer_token>" "https://<quay-server.example.com>/api/v1/superuser/users/"
    Copy to Clipboard Toggle word wrap

6.17.3. 使用 Red Hat Quay API 以超级用户管理机构
复制链接

超级用户可以使用 Red Hat Quay API 列出、更改和删除机构。

流程

  • 使用 GET /api/v1/superuser/organizations 端点列出所有机构: 

    $ curl -L -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  "https://<quay_server>/api/v1/superuser/organizations?name=<organization_name>"
    Copy to Clipboard Toggle word wrap

    输出示例

    {"organizations": [{"name": "fed_test", "email": "fe11fc59-bd09-459a-a21c-b57692d151c9", "avatar": {"name": "fed_test", "hash": "e2ce1fb42ec2e0602362beb64b5ebd1e6ad291b710a0355f9296c16157bef3cb", "color": "#ff7f0e", "kind": "org"}, "quotas": [{"id": 3, "limit_bytes": 10737418240, "limits": []}], "quota_report": {"quota_bytes": 0, "configured_quota": 10737418240, "running_backfill": "complete", "backfill_status": "complete"}}, {"name": "test", "email": "new-contact@test-org.com", "avatar": {"name": "test", "hash": "a15d479002b20f211568fd4419e76686d2b88a4980a5b4c4bc10420776c5f6fe", "color": "#aec7e8", "kind": "org"}, "quotas": [{"id": 2, "limit_bytes": 10737418240, "limits": [{"id": 1, "type": "Reject", "limit_percent": 90}]}], "quota_report": {"quota_bytes": 0, "configured_quota": 10737418240, "running_backfill": "complete", "backfill_status": "complete"}}]}
    Copy to Clipboard Toggle word wrap

  • 使用 PUT /api/v1/superuser/organizations/{name} 端点更改或更新机构的信息: 

    $ curl -X PUT \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Content-Type: application/json" \
  -d '{
        "email": "<contact_email>",
        "invoice_email": <boolean_value>,
        "invoice_email_address": "<invoice_email_address>",
        "tag_expiration_s": <expiration_seconds>
      }' \
  "https://<quay_server>/api/v1/superuser/organizations/<organization_name>"
    Copy to Clipboard Toggle word wrap

    输出示例

    {"name": "test", "email": "new-contact@test-org.com", "avatar": {"name": "test", "hash": "a15d479002b20f211568fd4419e76686d2b88a4980a5b4c4bc10420776c5f6fe", "color": "#aec7e8", "kind": "org"}, "quotas": [{"id": 2, "limit_bytes": 10737418240, "limits": [{"id": 1, "type": "Reject", "limit_percent": 90}]}], "quota_report": {"quota_bytes": 0, "configured_quota": 10737418240, "running_backfill": "complete", "backfill_status": "complete"}}
    Copy to Clipboard Toggle word wrap

  • 使用 DELETE /api/v1/superuser/organizations/{name} 端点来删除和机构: 

    $ curl -X DELETE \
  -H "Authorization: Bearer <bearer_token>" \
  "https://<quay_server>/api/v1/superuser/organizations/<organization_name>"
    Copy to Clipboard Toggle word wrap

    此命令不会在 CLI 中返回输出。

6.17.4. 使用 Red Hat Quay API 以超级用户列出日志
复制链接

Red Hat Quay 超级用户可以列出当前系统的使用日志。

流程

  • 使用 GET /api/v1/superuser/logs 端点列出当前系统的使用情况日志: 

    $ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  "https://<quay_server>/api/v1/superuser/logs?starttime=<start_time>&endtime=<end_time>&page=<page_number>&next_page=<next_page_token>"
    Copy to Clipboard Toggle word wrap

    输出示例

    {"start_time": "Mon, 17 Feb 2025 19:29:14 -0000", "end_time": "Wed, 19 Feb 2025 19:29:14 -0000", "logs": [{"kind": "login_success", "metadata": {"type": "quayauth", "useragent": "Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0"}, "ip": "192.168.1.131", "datetime": "Tue, 18 Feb 2025 19:28:15 -0000", "namespace": {"kind": "user", "name": "quayadmin", "avatar": {"name": "quayadmin", "hash": "6d640d802fe23b93779b987c187a4b7a4d8fbcbd4febe7009bdff58d84498fba", "color": "#f7b6d2", "kind": "user"}}}], "next_page": "gAAAAABntN-KbPJDI0PpcHmWjRCmQTLiCprE_KXiOSidbGZ7Ireu8pVTgGUIstijNhmiLzlAv_S3HOsCrKWnuBmoQYZ3F53Uxg=="}
    Copy to Clipboard Toggle word wrap

  • 使用 GET /api/v1/superuser/registrysize/ 端点获取有关 registry 大小的信息: 

    $ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  "https://<quay_server>/api/v1/superuser/registrysize/"
    Copy to Clipboard Toggle word wrap

    输出示例

    {"size_bytes": 0, "last_ran": null, "running": false, "queued": false}
    Copy to Clipboard Toggle word wrap

  • 使用 POST /api/v1/superuser/registrysize/ 端点来定义 registry 大小信息: 

    $ curl -X POST "https://quay-server.example.com/api/v1/superuser/registrysize/" \
  -H "Authorization: Bearer <ACCESS_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "namespace": "<namespace>",
    "last_ran": 1700000000,
    "queued": true,
    "running": false
  }'
    Copy to Clipboard Toggle word wrap

    此命令不会在 CLI 中返回输出。

6.17.5. 使用 Red Hat Quay API 管理机构配额
复制链接

配额可以使用具有超级用户 admin 权限的 Red Hat Quay API 进行管理。这些端点允许超级用户管理 registry 中所有机构的配额策略。

流程

  1. 使用 POST /api/v1/superuser/organization/{namespace}/quota API 端点为机构创建配额策略: 

    $ curl -X POST "https://quay-server.example.com/api/v1/superuser/organization/<namespace>/quota" \
  -H "Authorization: Bearer <ACCESS_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "limit_bytes": 10737418240
  }'
    Copy to Clipboard Toggle word wrap

    输出示例

    "Created"
    Copy to Clipboard Toggle word wrap

  2. 使用 GET /api/v1/superuser/organization/{namespace}/quota API 端点获取有关策略的信息,包括配额 ID: 

    $ curl -X GET "https://quay-server.example.com/api/v1/superuser/organization/<namespace>/quota" \
  -H "Authorization: Bearer <ACCESS_TOKEN>"
    Copy to Clipboard Toggle word wrap

    输出示例

    [{"id": 2, "limit_bytes": 10737418240, "limit": "10.0 GiB", "default_config": false, "limits": [{"id": 1, "type": "Reject", "limit_percent": 90}], "default_config_exists": false}]
    Copy to Clipboard Toggle word wrap

  3. 使用 PUT /api/v1/superuser/organization/{namespace}/quota/{quota_id} API 端点更改配额策略: 

    $ curl -X PUT "https://quay-server.example.com/api/v1/superuser/organization/<namespace>/quota/<quota_id>" \
  -H "Authorization: Bearer <ACCESS_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "limit_bytes": <NEW_QUOTA_LIMIT>
  }'
    Copy to Clipboard Toggle word wrap

    输出示例

    {"id": 2, "limit_bytes": 10737418240, "limit": "10.0 GiB", "default_config": false, "limits": [{"id": 1, "type": "Reject", "limit_percent": 90}], "default_config_exists": false}
    Copy to Clipboard Toggle word wrap

  4. 使用 DELETE /api/v1/superuser/organization/{namespace}/quota/{quota_id} API 端点来 

    $ curl -X DELETE "https://quay-server.example.com/api/v1/superuser/organization/<namespace>/quota/<quota_id>" \
  -H "Authorization: Bearer <ACCESS_TOKEN>"
    Copy to Clipboard Toggle word wrap

    此命令不会在 CLI 中返回输出。

6.17.6. 使用 Red Hat Quay API 管理用户配额
复制链接

作为超级用户,您可以管理指定机构的用户配额。

流程

  1. 使用 POST /api/v1/superuser/users/{namespace}/quota 端点为机构中特定用户创建配额策略: 

    $ curl -X POST "https://quay-server.example.com/api/v1/superuser/users/<username>/quota" \
  -H "Authorization: Bearer <ACCESS_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
        "limit_bytes": <QUOTA_LIMIT>
      }'
    Copy to Clipboard Toggle word wrap

    输出示例

    "Created"
    Copy to Clipboard Toggle word wrap

  2. 使用 GET /api/v1/superuser/users/{namespace}/quota 端点返回用户分配的配额列表: 

    $ curl -X GET "https://quay-server.example.com/api/v1/superuser/users/<username>/quota" \
  -H "Authorization: Bearer <ACCESS_TOKEN>"
    Copy to Clipboard Toggle word wrap

    输出示例

    [{"id": 6, "limit_bytes": 10737418240, "limit": "10.0 GiB", "default_config": false, "limits": [], "default_config_exists": false}]
    Copy to Clipboard Toggle word wrap

  3. 使用 PUT /api/v1/superuser/users/{namespace}/quota/{quota_id} 端点来调整用户的策略: 

    $ curl -X PUT "https://quay-server.example.com/api/v1/superuser/users/<username>/quota/<quota_id>" \
  -H "Authorization: Bearer <ACCESS_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "limit_bytes": <NEW_QUOTA_LIMIT>
  }'
    Copy to Clipboard Toggle word wrap

    输出示例

    {"id": 6, "limit_bytes": 10737418240, "limit": "10.0 GiB", "default_config": false, "limits": [], "default_config_exists": false}
    Copy to Clipboard Toggle word wrap

  4. 使用 DELETE /api/v1/superuser/users/{namespace}/quota/{quota_id} 端点删除用户的策略: 

    $ curl -X DELETE "https://quay-server.example.com/api/v1/superuser/users/<username>/quota/<quota_id>" \
  -H "Authorization: Bearer <ACCESS_TOKEN>"
    Copy to Clipboard Toggle word wrap

    此命令不会在 CLI 中返回输出。

6.17.7. 使用 Red Hat Quay API 检索构建信息
复制链接

作为超级用户,您可以使用 Red Hat Quay API 检索有关构建的信息。

流程

  1. 使用 GET /api/v1/superuser/{build_uuid}/build 端点返回有关构建的信息: 

    $ curl -X GET "https://quay-server.example.com/api/v1/superuser/<build_uuid>/build" \
  -H "Authorization: Bearer <ACCESS_TOKEN>"
    Copy to Clipboard Toggle word wrap

  2. 使用 GET /api/v1/superuser/{build_uuid}/status API 端点返回由 build uuids 指定的构建的状态: 

    $ curl -X GET "https://quay-server.example.com/api/v1/superuser/<build_uuid>/status" \
  -H "Authorization: Bearer <ACCESS_TOKEN>"
    Copy to Clipboard Toggle word wrap

  3. 使用 GET /api/v1/superuser/{build_uuid}/logs API 端点返回由 build uuid 指定的构建的构建日志: 

    $ curl -X GET "https://quay-server.example.com/api/v1/superuser/<build_uuid>/logs" \
  -H "Authorization: Bearer <ACCESS_TOKEN>"
    Copy to Clipboard Toggle word wrap

超级用户可以使用 Red Hat Quay API 创建、列出、更改和删除服务密钥。

流程

  • 使用 POST /api/v1/superuser/keys 端点来创建服务密钥: 

    $ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Content-Type: application/json" \
  -d '{
        "service": "<service_name>",
        "expiration": <unix_timestamp>
      }' \
  "<quay_server>/api/v1/superuser/keys"
    Copy to Clipboard Toggle word wrap

    输出示例

    {"message":""}
    Copy to Clipboard Toggle word wrap

  • 使用 POST /api/v1/superuser/approvedkeys/{kid} 端点批准服务密钥: 

    $ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Content-Type: application/json" \
  -d '{
        "notes": "<approval_notes>"
      }' \
  "https://<quay_server>/api/v1/superuser/approvedkeys/<kid>"
    Copy to Clipboard Toggle word wrap

    此命令不会在 CLI 中返回输出。

  • 使用 GET /api/v1/superuser/keys 端点列出服务密钥: 

    $ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  "https://<quay_server>/api/v1/superuser/keys"
    Copy to Clipboard Toggle word wrap

    输出示例

    {"keys":[{"approval":{"approval_type":"ServiceKeyApprovalType.AUTOMATIC","approved_date":"Mon, 20 Jan 2025 14:46:01 GMT","approver":null,"notes":""},"created_date":"Mon, 20 Jan 2025 14:46:01 GMT","expiration_date":"Wed, 05 Feb 2025 22:03:37 GMT","jwk":{"e":"AQAB","kid":"<example>","kty":"RSA","n":"<example>"},"kid":"7fr8soqXGgea8JqjwgItjjJT9GKlt-bMyMCDmvzy6WQ","metadata":{"created_by":"CLI tool"},"name":"http://quay-server.example.com:80","rotation_duration":null,"service":"quay"}]}
    Copy to Clipboard Toggle word wrap

  • 使用 GET /api/v1/superuser/keys/{kid} 端点,通过 kid 检索有关服务帐户的信息: 

    $ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  "https://<quay_server>/api/v1/superuser/keys/<kid>"
    Copy to Clipboard Toggle word wrap

    输出示例

    {"approval":{"approval_type":"ServiceKeyApprovalType.AUTOMATIC","approved_date":"Mon, 20 Jan 2025 14:46:01 GMT","approver":null,"notes":""},"created_date":"Mon, 20 Jan 2025 14:46:01 GMT","expiration_date":"Wed, 05 Feb 2025 22:03:37 GMT","jwk":{"e":"AQAB","kid":"7fr8soqXGgea8JqjwgItjjJT9GKlt-bMyMCDmvzy6WQ","kty":"RSA","n":"5iMX7RQ_4F_zdb1qonMsuWUDauCOqEyRpD8L_EhgnwDxrgMHuOlJ4_7sEOrOa3Jkx3QhwIW6LJCP69PR5X0wvz6vmC1DoWEaWv41bAq23Knzj7gUU9-N_fkZPZN9NQwZ-D-Zqg9L1c_cJF93Dy93py8_JswWFDj1FxMaThJmrX68wBwjhF-JLYqgCAGFyezzJ3oTpO-esV9v6R7skfkaqtx_cjLZk_0cKB4VKTtxiy2A8D_5nANTOSSbZLXNh2Vatgh3yrOmnTTNLIs0YO3vFIuylEkczHlln-40UMAzRB3HNspUySyzImO_2yGdrA762LATQrOzJN8E1YKCADx5CQ"},"kid":"7fr8soqXGgea8JqjwgItjjJT9GKlt-bMyMCDmvzy6WQ","metadata":{"created_by":"CLI tool"},"name":"http://quay-server.example.com:80","rotation_duration":null,"service":"quay"}
    Copy to Clipboard Toggle word wrap

  • 使用 PUT /api/v1/superuser/keys/{kid} 端点来更新服务密钥,如元数据: 

    $ curl -X PUT \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Content-Type: application/json" \
  -d '{
        "name": "<service_key_name>",
        "metadata": {"<key>": "<value>"},
        "expiration": <unix_timestamp>
      }' \
  "https://<quay_server>/api/v1/superuser/keys/<kid>"
    Copy to Clipboard Toggle word wrap

    输出示例

    {"approval":{"approval_type":"ServiceKeyApprovalType.AUTOMATIC","approved_date":"Mon, 20 Jan 2025 14:46:01 GMT","approver":null,"notes":""},"created_date":"Mon, 20 Jan 2025 14:46:01 GMT","expiration_date":"Mon, 03 Mar 2025 10:40:00 GMT","jwk":{"e":"AQAB","kid":"7fr8soqXGgea8JqjwgItjjJT9GKlt-bMyMCDmvzy6WQ","kty":"RSA","n":"5iMX7RQ_4F_zdb1qonMsuWUDauCOqEyRpD8L_EhgnwDxrgMHuOlJ4_7sEOrOa3Jkx3QhwIW6LJCP69PR5X0wvz6vmC1DoWEaWv41bAq23Knzj7gUU9-N_fkZPZN9NQwZ-D-Zqg9L1c_cJF93Dy93py8_JswWFDj1FxMaThJmrX68wBwjhF-JLYqgCAGFyezzJ3oTpO-esV9v6R7skfkaqtx_cjLZk_0cKB4VKTtxiy2A8D_5nANTOSSbZLXNh2Vatgh3yrOmnTTNLIs0YO3vFIuylEkczHlln-40UMAzRB3HNspUySyzImO_2yGdrA762LATQrOzJN8E1YKCADx5CQ"},"kid":"7fr8soqXGgea8JqjwgItjjJT9GKlt-bMyMCDmvzy6WQ","metadata":{"created_by":"CLI tool","environment":"production"},"name":"quay-service-key-updated","rotation_duration":null,"service":"quay"}
    Copy to Clipboard Toggle word wrap

  • 使用 DELETE /api/v1/superuser/keys/{kid} 端点删除服务密钥: 

    $ curl -X DELETE \
  -H "Authorization: Bearer <bearer_token>" \
  "https://<quay_server>/api/v1/superuser/keys/<kid>"
    Copy to Clipboard Toggle word wrap

    此命令不会在 CLI 中返回输出。

返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat