diff options
| author | Andre Guedes <andrebsguedes@gmail.com> | 2016-11-02 00:33:35 -0200 |
|---|---|---|
| committer | Andre Guedes <andrebsguedes@gmail.com> | 2017-02-22 11:29:06 -0300 |
| commit | dcd4beb8eb7bb7d0c2f720ef85c3da9f97a3dfe6 (patch) | |
| tree | 53cc8f6d1f055a88aec411608cba51460b001e1c /app/services/auth | |
| parent | e43b2e81dab3cade773d479f2ae56478e3113207 (diff) | |
| download | gitlab-ce-dcd4beb8eb7bb7d0c2f720ef85c3da9f97a3dfe6.tar.gz | |
Multi-level container image names backend implementation
- Adds Registry events API endpoint
- Adds container_images_repository and container_images models
- Changes JWT authentication to allow multi-level scopes
- Adds services for container image maintenance
Diffstat (limited to 'app/services/auth')
| -rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index 5cb7a86a5ee..6b83b38fa4d 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -16,7 +16,7 @@ module Auth { token: authorized_token(scope).encoded } end - def self.full_access_token(*names) + def self.full_access_token(names) registry = Gitlab.config.registry token = JSONWebToken::RSAToken.new(registry.key) token.issuer = registry.issuer @@ -61,7 +61,12 @@ module Auth end def process_repository_access(type, name, actions) - requested_project = Project.find_by_full_path(name) + # Strips image name due to lack of + # per image authentication. + # Removes only last occurence in light + # of future nested groups + namespace, _ = ContainerImage::split_namespace(name) + requested_project = Project.find_by_full_path(namespace) return unless requested_project actions = actions.select do |action| |