Adds disable_pushes configuration field to guide (quay#1124)

Co-authored-by: Steven Smith <[email protected]>

Author: stevsmit

modules/config-fields-misc.adoc

@@ -94,4 +94,8 @@
   + 
 **Default:** False
 
+|*DISABLE_PUSHES* |Boolean | Disables pushes of new content to the registry while retaining all other functionality. Differs from `read-only` mode because database is not set as `read-only`. When `DISABLE_PUSHES` is set to `true`, the {productname} garbage collector is disabled. As a result, when `PERMANENTLY_DELETE_TAGS` is enabled, using the {productname} UI to permanently delete a tag does not result in the immediate deletion of a tag. Instead, the image stays in the backend storage until `DISABLE_PUSHES` is set to `false`, which re-enables the garbage collector. {productname} administrators should be aware of this caveat when using `DISABLE_PUSHES` and `PERMANENTLY_DELETE_TAGS` together. +
+ +
+ **Default:** False
+
 |===

modules/config-fields-storage-features.adoc

@@ -17,4 +17,5 @@ The following table describes the image storage features for {productname}:
 | **FEATURE_STORAGE_REPLICATION** | Boolean | Whether to automatically replicate between storage engines. +
  + 
 **Default:** `false`
+
 |===

modules/config-fields-storage-fields.adoc

@@ -25,4 +25,5 @@ The following table describes the image storage configuration fields for {produc
 **Example**: `100G` +
  +
 **Default:**  `20G`
+
 |===

modules/config-updates-313.adoc

@@ -0,0 +1,26 @@
+:_content-type: REFERENCE
+[id="config-updates-313"]
+= Configuration updates for {productname} 3.13
+
+The following sections detail new configuration fields added in {productname} 3.13.
+
+[id="disabling-pushes-configuration-field"]
+== Disabling pushes to the {productname} registry
+
+The following configuration field has been added to disable the push of new content to the registry.
+
+|===
+| Field | Type | Description 
+
+|*DISABLE_PUSHES* |Boolean | Disables pushes of new content to the registry while retaining all other functionality. Differs from `read-only` mode because database is not set as `read-only`. When `DISABLE_PUSHES` is set to `true`, the {productname} garbage collector is disabled. As a result, when `PERMANENTLY_DELETE_TAGS` is enabled, using the {productname} UI to permanently delete a tag does not result in the immediate deletion of a tag. Instead, the image stays in the backend storage until `DISABLE_PUSHES` is set to `false`, which re-enables the garbage collector. {productname} administrators should be aware of this caveat when using `DISABLE_PUSHES` and `PERMANENTLY_DELETE_TAGS` together. +
+ +
+ **Default:** False
+|===
+
+.Example DISABLE_PUSHES configuration field
+[source,yaml]
+----
+# ...
+DISABLE_PUSHES: true
+# ...
+----

modules/optional-enabling-read-only-mode-backup-restore-ocp.adoc

@@ -6,6 +6,15 @@ Enabling read-only mode for your {productname-ocp} deployment allows you to mana
 
 When backing up and restoring, you are required to scale down your {productname-ocp} deployment. This results in service unavailability during the backup period which, in some cases, might be unacceptable. Enabling read-only mode ensures service availability during the backup and restore procedure for {productname-ocp} deployments.
 
+[NOTE]
+====
+In some cases, a read-only option for {productname} is not possible since it requires inserting a service key and other manual configuration changes. As an alternative to read-only mode, {productname} administrators might consider enabling the `DISABLE_PUSHES` feature. When this field is set to `true`, users are unable to push images or image tags to the registry when using the CLI. Enabling `DISABLE_PUSHES` differs from `read-only` mode because the database is not set as `read-only` when it is enabled. 
+
+This field might be useful in some situations such as when {productname} administrators want to calculate their registry's quota and disable image pushing until after calculation has completed. With this method, administrators can avoid putting putting the whole registry in `read-only` mode, which affects the database, so that most operations can still be done.
+
+For information about enabling this configuration field, see link:https://docs.redhat.com/en/documentation/red_hat_quay/{producty}/html-single/configure_red_hat_quay/index#config-fields-misc[Miscellaneous configuration fields].
+====
+
 .Prerequisites 
 
 * If you are using {rhel} 7.x:

modules/optional-enabling-read-only-mode-backup-restore-standalone.adoc

@@ -4,6 +4,15 @@
 
 Enabling read-only mode for your {productname} deployment allows you to manage the registry's operations. {productname} administrators can enable read-only mode to restrict write access to the registry, which helps ensure data integrity, mitigate risks during maintenance windows, and provide a safeguard against unintended modifications to registry data. It also helps to ensure that your {productname} registry remains online and available to serve images to users. 
 
+[NOTE]
+====
+In some cases, a read-only option for {productname} is not possible since it requires inserting a service key and other manual configuration changes. As an alternative to read-only mode, {productname} administrators might consider enabling the `DISABLE_PUSHES` feature. When this field is set to `true`, users are unable to push images or image tags to the registry when using the CLI. Enabling `DISABLE_PUSHES` differs from `read-only` mode because the database is not set as `read-only` when it is enabled. 
+
+This field might be useful in some situations such as when {productname} administrators want to calculate their registry's quota and disable image pushing until after calculation has completed. With this method, administrators can avoid putting putting the whole registry in `read-only` mode, which affects the database, so that most operations can still be done.
+
+For information about enabling this configuration field, see link:https://docs.redhat.com/en/documentation/red_hat_quay/{producty}/html-single/configure_red_hat_quay/index#config-fields-misc[Miscellaneous configuration fields].
+====
+
 .Prerequisites 
 
 * If you are using {rhel} 7.x:

modules/rn_3_13_0.adoc

@@ -83,21 +83,28 @@ For more information, see . . .
 
 The following configuration fields have been added to {productname} {producty}.
 
-[id="oauth-reassign-configuration-field"]
-=== OAuth access token reassignment configuration field 
+[id="disable-pushes-configuration-field"]
+=== Disabling pushes to the {productname} registry configuration field
+
+In some cases, a read-only option for {productname} is not possible since it requires inserting a service key and other manual configuration changes. With the release of {productname} 3.13, a new configuration field has been added: `DISABLE_PUSHES`. 
+
+When `DISABLE_PUSHES` is set to `true`, users are unable to push images or image tags to the registry when using the CLI. Most other registry operations continue as normal when this feature is enabled by using the {productname} UI. For example, changing tags, editing a repository, robot account creation and deletion, user creation, and so on are all possible by using the UI. 
+
+When `DISABLE_PUSHES` is set to `true`, the {productname} garbage collector is disabled. As a result, when `PERMANENTLY_DELETE_TAGS` is enabled, using the {productname} UI to permanently delete a tag does not result in the immediate deletion of a tag. Instead, the tag stays in the repository until `DISABLE_PUSHES` is set to `false`, which re-enables the garbage collector. {productname} administrators should be aware of this caveat when using `DISABLE_PUSHES` and `PERMANENTLY_DELETE_TAGS` together.
+
+This field might be useful in some situations such as when {productname} administrators want to calculate their registry's quota and disable image pushing until after calculation has completed. With this method, administrators can avoid putting putting the whole registry in `read-only` mode, which affects the database, so that most operations can still be done.
 
-The following configuration field has been added for reassigning OAuth access tokens:
 |===
-| Field | Type | Description
+| Field | Type | Description 
 
-| | | 
+|*DISABLE_PUSHES* |Boolean | Disables pushes of new content to the registry while retaining all other functionality. Differs from `read-only` mode because database is not set as `read-only`. Defaults to `false`.
 |===
 
-.Example YAML config field
+.Example DISABLE_PUSHES configuration field
 [source,yaml]
 ----
 # ...
-yaml: true
+DISABLE_PUSHES: true
 # ...
 ----