diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2016-05-21 22:57:39 +0000 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2016-05-21 22:57:39 +0000 |
commit | 5a02f28a1bb890fd62df628bfe610c0b4d49b2f1 (patch) | |
tree | 489fd77b26362c22c0b2300a7777bf36c25494a9 | |
parent | 024ddf6ea4088bbf5044e5d1b3326769e62073f4 (diff) | |
parent | c6411a785b0c49d17b831a9b4bc05ef4bb68b87f (diff) | |
download | gitlab-ce-5a02f28a1bb890fd62df628bfe610c0b4d49b2f1.tar.gz |
Merge branch 'fix-docker-registry-integration' into 'master'
Fix docker registry integration
See merge request !4229
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 2 | ||||
-rw-r--r-- | app/views/projects/container_registry/index.html.haml | 2 | ||||
-rw-r--r-- | spec/services/auth/container_registry_authentication_service_spec.rb | 13 |
4 files changed, 15 insertions, 3 deletions
diff --git a/CHANGELOG b/CHANGELOG index 67fca2c6f6d..01585ede586 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -13,6 +13,7 @@ v 8.8.0 (unreleased) - Added inline diff styling for `change_title` system notes. (Adam Butler) - Project#open_branches has been cleaned up and no longer loads entire records into memory. - Escape HTML in commit titles in system note messages + - Fix scope used when accessing container registry - Fix creation of Ci::Commit object which can lead to pending, failed in some scenarios - Improve multiple branch push performance by memoizing permission checking - Log to application.log when an admin starts and stops impersonating a user diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index 3144e96ba31..f807b8ec09a 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -20,7 +20,7 @@ module Auth token.issuer = registry.issuer token.audience = AUDIENCE token[:access] = names.map do |name| - { type: 'repository', name: name, actions: %w(pull push) } + { type: 'repository', name: name, actions: %w(*) } end token.encoded end diff --git a/app/views/projects/container_registry/index.html.haml b/app/views/projects/container_registry/index.html.haml index 40957993b22..e1e762410f2 100644 --- a/app/views/projects/container_registry/index.html.haml +++ b/app/views/projects/container_registry/index.html.haml @@ -4,7 +4,7 @@ %hr %ul.content-list - .light.prepend-top-default + %li.light.prepend-top-default %p A 'container image' is a snapshot of a container. You can host your container images with GitLab. diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb index 6c9f56a4fba..73b8c3f048f 100644 --- a/spec/services/auth/container_registry_authentication_service_spec.rb +++ b/spec/services/auth/container_registry_authentication_service_spec.rb @@ -10,7 +10,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do subject { described_class.new(current_project, current_user, current_params).execute } before do - stub_container_registry_config(enabled: true, issuer: 'rspec', key: nil) + allow(Gitlab.config.registry).to receive_messages(enabled: true, issuer: 'rspec', key: nil) allow_any_instance_of(JSONWebToken::RSAToken).to receive(:key).and_return(rsa_key) end @@ -60,6 +60,17 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do it { is_expected.to_not include(:token) } end + describe '#full_access_token' do + let(:project) { create(:empty_project) } + let(:token) { described_class.full_access_token(project.path_with_namespace) } + + subject { { token: token } } + + it_behaves_like 'a accessible' do + let(:actions) { ['*'] } + end + end + context 'user authorization' do let(:project) { create(:project) } let(:current_user) { create(:user) } |