Split repo trusted setting (#4025)

2025-10-21 12:00:02 +00:00 · 2024-11-01 22:37:31 +02:00
parent 383bfbb6de
commit 29474fc7d9
26 changed files with 373 additions and 193 deletions
--- a/web/src/assets/locales/en.json
+++ b/web/src/assets/locales/en.json
@@ -98,7 +98,18 @@
        },
        "trusted": {
          "trusted": "Trusted",
-          "desc": "Underlying pipeline containers get access to escalated capabilities (like mounting volumes)."
+          "network": {
+            "network": "Network",
+            "desc": "Underlying pipeline containers get access to network privileges like changing DNS."
+          },
+          "volumes": {
+            "volumes": "Volumes",
+            "desc": "Underlying pipeline containers get access to volume privileges."
+          },
+          "security": {
+            "security": "Security",
+            "desc": "Underlying pipeline containers get access to security privileges."
+          }
        },
        "visibility": {
          "visibility": "Project visibility",
--- a/web/src/components/repo/settings/GeneralTab.vue
+++ b/web/src/components/repo/settings/GeneralTab.vue
@@ -45,11 +45,27 @@
          :label="$t('repo.settings.general.netrc_only_trusted.netrc_only_trusted')"
          :description="$t('repo.settings.general.netrc_only_trusted.desc')"
        />
+      </InputField>
+
+      <InputField
+        v-if="user?.admin"
+        docs-url="docs/usage/project-settings#project-settings-1"
+        :label="$t('repo.settings.general.trusted.trusted')"
+      >
        <Checkbox
-          v-if="user?.admin"
-          v-model="repoSettings.trusted"
-          :label="$t('repo.settings.general.trusted.trusted')"
-          :description="$t('repo.settings.general.trusted.desc')"
+          v-model="repoSettings.trusted.network"
+          :label="$t('repo.settings.general.trusted.network.network')"
+          :description="$t('repo.settings.general.trusted.network.desc')"
+        />
+        <Checkbox
+          v-model="repoSettings.trusted.volumes"
+          :label="$t('repo.settings.general.trusted.volumes.volumes')"
+          :description="$t('repo.settings.general.trusted.volumes.desc')"
+        />
+        <Checkbox
+          v-model="repoSettings.trusted.security"
+          :label="$t('repo.settings.general.trusted.security.security')"
+          :description="$t('repo.settings.general.trusted.security.desc')"
        />
      </InputField>

--- a/web/src/lib/api/types/repo.ts
+++ b/web/src/lib/api/types/repo.ts
@@ -50,7 +50,7 @@ export interface Repo {
  // Whether the repository has trusted access for pipelines.
  // If the repository is trusted then the host network can be used and
  // volumes can be created.
-  trusted: boolean;
+  trusted: RepoTrusted;

  // x-dart-type: Duration
  // The amount of time in minutes before the pipeline is killed.
@@ -102,3 +102,9 @@ export interface RepoPermissions {
  admin: boolean;
  synced: number;
 }
+
+export interface RepoTrusted {
+  network: boolean;
+  volumes: boolean;
+  security: boolean;
+}