fix: Update AWS DynamoDB permission list, and correct issues in Dynam…

…oDB examples Note DeleteTable is only used for the zot tests, should not be needed in production Signed-off-by: Andrei Aaron <[email protected]>
project-zot · Feb 12, 2025 · 452fbe8 · 452fbe8
1 parent 528c2e5
commit 452fbe8
Show file tree

Hide file tree

Showing 7 changed files with 31 additions and 14 deletions.
diff --git a/examples/README.md b/examples/README.md
@@ -873,10 +873,14 @@ Additionally if search extension is enabled, additional parameters are needed:
             "endpoint": "http://localhost:4566",
             "region": "us-east-2",
             "cacheTablename": "ZotBlobTable",
+            // used for auth
+            "userDataTablename": "ZotUserDataTable",
+            "apiKeyTablename": "ZotApiKeyDataTable",
             // used by search extensions
             "repoMetaTablename": "ZotRepoMetadataTable",
-            "manifestDataTablename": "ZotManifestDataTable",
-            "userDataTablename": "ZotUserDataTable",
+            "imageMetaTablename": "ZotImageMetaTable",
+            "indexDataTablename": "ZotIndexDataTable",
+            "repoBlobsInfoTablename": "ZotRepoBlobsInfoTable",
             "versionTablename": "ZotVersion"
         }
 ```
@@ -891,6 +895,10 @@ The following AWS policy is required by zot for caching blobs. Make sure to repl
       "Effect": "Allow",
       "Action": [
         "dynamodb:CreateTable",
+        "dynamodb:DescribeTable",
+        "dynamodb:DeleteTable",
+        "dynamodb:Scan",
+        "dynamodb:BatchGetItem",
         "dynamodb:GetItem",
         "dynamodb:UpdateItem",
         "dynamodb:DeleteItem"
@@ -900,6 +908,8 @@ The following AWS policy is required by zot for caching blobs. Make sure to repl
   ]
 }
 
+Note `dynamodb:DeleteTable` is used only in running the zot tests, should not be needed in production.
+
 ### Redis
 
 Redis is an alternative to BoltDB (which cannot be shared by multiple zot instances) and DynamoDB (requires access to AWS).

diff --git a/examples/config-all-remote.json b/examples/config-all-remote.json
@@ -21,6 +21,8 @@
             "repoMetaTablename": "ZotRepoMetadataTable",
             "imageMetaTablename": "ZotImageMetaTable",
             "repoBlobsInfoTablename": "ZotRepoBlobsInfoTable",
+            "userDataTablename": "ZotUserDataTable",
+            "apiKeyTablename": "ZotApiKeyTable",
             "versionTablename": "ZotVersion"
         }
     },

diff --git a/examples/config-dynamodb.json b/examples/config-dynamodb.json
@@ -23,6 +23,7 @@
             "imageMetaTablename": "ZotImageMetaTable",
             "repoBlobsInfoTablename": "ZotRepoBlobsInfoTable",
             "userDataTablename": "ZotUserDataTable",
+            "apiKeyTablename": "ZotApiKeyTable",
             "versionTablename": "ZotVersion"
         }
     },

diff --git a/test/gc-stress/config-gc-bench-s3-localstack.json b/test/gc-stress/config-gc-bench-s3-localstack.json
@@ -20,10 +20,11 @@
             "region": "us-east-2",
             "cacheTablename": "BlobTable",
             "repoMetaTablename": "RepoMetadataTable",
+            "imageMetaTablename": "ImageMetaTable",
             "indexDataTablename": "IndexDataTable",
-            "manifestDataTablename": "ManifestDataTable",
-            "apikeytablename": "ApiKeyDataTable",
-            "userdatatablename": "UserDataTable",
+            "repoBlobsInfoTablename": "RepoBlobsInfoTable",
+            "apiKeyTablename": "ApiKeyDataTable",
+            "userDataTablename": "UserDataTable",
             "versionTablename": "VersionTable"
         }
     },

diff --git a/test/gc-stress/config-gc-bench-s3-minio.json b/test/gc-stress/config-gc-bench-s3-minio.json
@@ -22,10 +22,11 @@
             "region": "us-east-2",
             "cacheTablename": "BlobTable",
             "repoMetaTablename": "RepoMetadataTable",
+            "imageMetaTablename": "ImageMetaTable",
             "indexDataTablename": "IndexDataTable",
-            "manifestDataTablename": "ManifestDataTable",
-            "apikeytablename": "ApiKeyDataTable",
-            "userdatatablename": "UserDataTable",
+            "repoBlobsInfoTablename": "RepoBlobsInfoTable",
+            "apiKeyTablename": "ApiKeyDataTable",
+            "userDataTablename": "UserDataTable",
             "versionTablename": "VersionTable"
         }
     },

diff --git a/test/gc-stress/config-gc-referrers-bench-s3-localstack.json b/test/gc-stress/config-gc-referrers-bench-s3-localstack.json
@@ -29,10 +29,11 @@
             "region": "us-east-2",
             "cacheTablename": "BlobTable",
             "repoMetaTablename": "RepoMetadataTable",
+            "imageMetaTablename": "ImageMetaTable",
             "indexDataTablename": "IndexDataTable",
-            "manifestDataTablename": "ManifestDataTable",
-            "apikeytablename": "ApiKeyDataTable",
-            "userdatatablename": "UserDataTable",
+            "repoBlobsInfoTablename": "RepoBlobsInfoTable",
+            "apiKeyTablename": "ApiKeyDataTable",
+            "userDataTablename": "UserDataTable",
             "versionTablename": "VersionTable"
         }
     },

diff --git a/test/gc-stress/config-gc-referrers-bench-s3-minio.json b/test/gc-stress/config-gc-referrers-bench-s3-minio.json
@@ -31,10 +31,11 @@
             "region": "us-east-2",
             "cacheTablename": "BlobTable",
             "repoMetaTablename": "RepoMetadataTable",
+            "imageMetaTablename": "ImageMetaTable",
             "indexDataTablename": "IndexDataTable",
-            "manifestDataTablename": "ManifestDataTable",
-            "apikeytablename": "ApiKeyDataTable",
-            "userdatatablename": "UserDataTable",
+            "repoBlobsInfoTablename": "RepoBlobsInfoTable",
+            "apiKeyTablename": "ApiKeyDataTable",
+            "userDataTablename": "UserDataTable",
             "versionTablename": "VersionTable"
         }
     },