diff options
author | Long Nguyen <long.polyglot@gmail.com> | 2016-05-22 09:32:39 +0700 |
---|---|---|
committer | Long Nguyen <long.polyglot@gmail.com> | 2016-05-22 09:32:39 +0700 |
commit | f012c3de4c35cb420e8d1ad54fb6a729fb3e04fa (patch) | |
tree | bcb26c7319f8e6b3028f6036ebbc2831688141a7 | |
parent | e099af026fe58ec2a441aab6aec55098d0068594 (diff) | |
parent | 5a02f28a1bb890fd62df628bfe610c0b4d49b2f1 (diff) | |
download | gitlab-ce-f012c3de4c35cb420e8d1ad54fb6a729fb3e04fa.tar.gz |
Merge branch 'master' of https://gitlab.com/gitlab-org/gitlab-ce into issue_17479_todos_not_remove_when_leave_project
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 2 | ||||
-rw-r--r-- | app/views/projects/container_registry/index.html.haml | 2 | ||||
-rw-r--r-- | spec/services/auth/container_registry_authentication_service_spec.rb | 13 |
4 files changed, 15 insertions, 3 deletions
diff --git a/CHANGELOG b/CHANGELOG index 67fca2c6f6d..01585ede586 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -13,6 +13,7 @@ v 8.8.0 (unreleased) - Added inline diff styling for `change_title` system notes. (Adam Butler) - Project#open_branches has been cleaned up and no longer loads entire records into memory. - Escape HTML in commit titles in system note messages + - Fix scope used when accessing container registry - Fix creation of Ci::Commit object which can lead to pending, failed in some scenarios - Improve multiple branch push performance by memoizing permission checking - Log to application.log when an admin starts and stops impersonating a user diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index 3144e96ba31..f807b8ec09a 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -20,7 +20,7 @@ module Auth token.issuer = registry.issuer token.audience = AUDIENCE token[:access] = names.map do |name| - { type: 'repository', name: name, actions: %w(pull push) } + { type: 'repository', name: name, actions: %w(*) } end token.encoded end diff --git a/app/views/projects/container_registry/index.html.haml b/app/views/projects/container_registry/index.html.haml index 40957993b22..e1e762410f2 100644 --- a/app/views/projects/container_registry/index.html.haml +++ b/app/views/projects/container_registry/index.html.haml @@ -4,7 +4,7 @@ %hr %ul.content-list - .light.prepend-top-default + %li.light.prepend-top-default %p A 'container image' is a snapshot of a container. You can host your container images with GitLab. diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb index 6c9f56a4fba..73b8c3f048f 100644 --- a/spec/services/auth/container_registry_authentication_service_spec.rb +++ b/spec/services/auth/container_registry_authentication_service_spec.rb @@ -10,7 +10,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do subject { described_class.new(current_project, current_user, current_params).execute } before do - stub_container_registry_config(enabled: true, issuer: 'rspec', key: nil) + allow(Gitlab.config.registry).to receive_messages(enabled: true, issuer: 'rspec', key: nil) allow_any_instance_of(JSONWebToken::RSAToken).to receive(:key).and_return(rsa_key) end @@ -60,6 +60,17 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do it { is_expected.to_not include(:token) } end + describe '#full_access_token' do + let(:project) { create(:empty_project) } + let(:token) { described_class.full_access_token(project.path_with_namespace) } + + subject { { token: token } } + + it_behaves_like 'a accessible' do + let(:actions) { ['*'] } + end + end + context 'user authorization' do let(:project) { create(:project) } let(:current_user) { create(:user) } |