summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYorick Peterse <yorickpeterse@gmail.com>2016-05-21 22:57:39 +0000
committerYorick Peterse <yorickpeterse@gmail.com>2016-05-21 22:57:39 +0000
commit5a02f28a1bb890fd62df628bfe610c0b4d49b2f1 (patch)
tree489fd77b26362c22c0b2300a7777bf36c25494a9
parent024ddf6ea4088bbf5044e5d1b3326769e62073f4 (diff)
parentc6411a785b0c49d17b831a9b4bc05ef4bb68b87f (diff)
downloadgitlab-ce-5a02f28a1bb890fd62df628bfe610c0b4d49b2f1.tar.gz
Merge branch 'fix-docker-registry-integration' into 'master'
Fix docker registry integration See merge request !4229
-rw-r--r--CHANGELOG1
-rw-r--r--app/services/auth/container_registry_authentication_service.rb2
-rw-r--r--app/views/projects/container_registry/index.html.haml2
-rw-r--r--spec/services/auth/container_registry_authentication_service_spec.rb13
4 files changed, 15 insertions, 3 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 67fca2c6f6d..01585ede586 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,7 @@ v 8.8.0 (unreleased)
- Added inline diff styling for `change_title` system notes. (Adam Butler)
- Project#open_branches has been cleaned up and no longer loads entire records into memory.
- Escape HTML in commit titles in system note messages
+ - Fix scope used when accessing container registry
- Fix creation of Ci::Commit object which can lead to pending, failed in some scenarios
- Improve multiple branch push performance by memoizing permission checking
- Log to application.log when an admin starts and stops impersonating a user
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 3144e96ba31..f807b8ec09a 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -20,7 +20,7 @@ module Auth
token.issuer = registry.issuer
token.audience = AUDIENCE
token[:access] = names.map do |name|
- { type: 'repository', name: name, actions: %w(pull push) }
+ { type: 'repository', name: name, actions: %w(*) }
end
token.encoded
end
diff --git a/app/views/projects/container_registry/index.html.haml b/app/views/projects/container_registry/index.html.haml
index 40957993b22..e1e762410f2 100644
--- a/app/views/projects/container_registry/index.html.haml
+++ b/app/views/projects/container_registry/index.html.haml
@@ -4,7 +4,7 @@
%hr
%ul.content-list
- .light.prepend-top-default
+ %li.light.prepend-top-default
%p
A 'container image' is a snapshot of a container.
You can host your container images with GitLab.
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb
index 6c9f56a4fba..73b8c3f048f 100644
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -10,7 +10,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
subject { described_class.new(current_project, current_user, current_params).execute }
before do
- stub_container_registry_config(enabled: true, issuer: 'rspec', key: nil)
+ allow(Gitlab.config.registry).to receive_messages(enabled: true, issuer: 'rspec', key: nil)
allow_any_instance_of(JSONWebToken::RSAToken).to receive(:key).and_return(rsa_key)
end
@@ -60,6 +60,17 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
it { is_expected.to_not include(:token) }
end
+ describe '#full_access_token' do
+ let(:project) { create(:empty_project) }
+ let(:token) { described_class.full_access_token(project.path_with_namespace) }
+
+ subject { { token: token } }
+
+ it_behaves_like 'a accessible' do
+ let(:actions) { ['*'] }
+ end
+ end
+
context 'user authorization' do
let(:project) { create(:project) }
let(:current_user) { create(:user) }