Be nice to Docker Clients talking to JWT/auth

1 files changed, 9 insertions, 2 deletions

diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 38ac6631228..8ea88da8a53 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -7,10 +7,10 @@ module Auth
     def execute(authentication_abilities:)
       @authentication_abilities = authentication_abilities
 
-      return error('not found', 404) unless registry.enabled
+      return error('UNAVAILABLE', status: 404, message: 'registry not enabled') unless registry.enabled
 
       unless current_user || project
-        return error('forbidden', 403) unless scope
+        return error('DENIED', status: 403, message: 'access forbidden') unless scope
       end
 
       { token: authorized_token(scope).encoded }
@@ -111,5 +111,12 @@ module Auth
       @authentication_abilities.include?(:create_container_image) &&
         can?(current_user, :create_container_image, requested_project)
     end
+
+    def error(code, status:, message: '')
+      {
+        errors: [{ code: code, message: message }],
+        http_status: status
+      }
+    end
   end
 end