diff options
| author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-03-23 11:41:16 +0100 |
|---|---|---|
| committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-03-23 11:41:16 +0100 |
| commit | 4005eb643657e5ee8b1f328e36a3204253e3acf4 (patch) | |
| tree | 0bf4666589a4809b515b36419de7d09d961a1ba1 | |
| parent | 896b13b929369c02f72fa881eda24ca4a6a0d900 (diff) | |
| download | gitlab-ce-4005eb643657e5ee8b1f328e36a3204253e3acf4.tar.gz | |
Fix communication between GitLab and Container Registry
| -rw-r--r-- | app/models/container_image.rb | 23 | ||||
| -rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 17 |
2 files changed, 24 insertions, 16 deletions
diff --git a/app/models/container_image.rb b/app/models/container_image.rb index 6e9a060d7a8..434302159b0 100644 --- a/app/models/container_image.rb +++ b/app/models/container_image.rb @@ -43,13 +43,20 @@ class ContainerImage < ActiveRecord::Base end end - def self.from_path(full_path) - return unless full_path.include?('/') - - path = full_path[0...full_path.rindex('/')] - name = full_path[full_path.rindex('/')+1..-1] - project = Project.find_by_full_path(path) - - self.new(name: name, path: path, project: project) + def self.project_from_path(image_path) + return unless image_path.include?('/') + + ## + # Projects are always located inside a namespace, so we can remove + # the last node, and see if project with that path exists. + # + truncated_path = image_path.slice(0...image_path.rindex('/')) + + ## + # We still make it possible to search projects by a full image path + # in order to maintain backwards compatibility. + # + Project.find_by_full_path(truncated_path) || + Project.find_by_full_path(image_path) end end diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index 7e412040c7c..2205b0897e2 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -38,13 +38,13 @@ module Auth private def authorized_token(*accesses) - token = JSONWebToken::RSAToken.new(registry.key) - token.issuer = registry.issuer - token.audience = params[:service] - token.subject = current_user.try(:username) - token.expire_time = self.class.token_expire_at - token[:access] = accesses.compact - token + JSONWebToken::RSAToken.new(registry.key).tap do |token| + token.issuer = registry.issuer + token.audience = params[:service] + token.subject = current_user.try(:username) + token.expire_time = self.class.token_expire_at + token[:access] = accesses.compact + end end def scope @@ -62,7 +62,8 @@ module Auth end def process_repository_access(type, name, actions) - requested_project = ContainerImage.from_path(name).project + requested_project = ContainerImage.project_from_path(name) + return unless requested_project actions = actions.select do |action| |