diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-11 00:13:54 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-11 00:13:54 +0000 |
| commit | 2d9c62ffb595d2bf555046d09098a0d4af71e17f (patch) | |
| tree | c837cf91cf3e50f443d1dcb852b82448637a5c8b /app/services | |
| parent | d9710d79c52bc73438022e79c79cfe3ab35b084b (diff) | |
| download | gitlab-ce-2d9c62ffb595d2bf555046d09098a0d4af71e17f.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/services')
| -rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index 509c2d4d544..3827d199325 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -65,7 +65,12 @@ module Auth token.expire_time = token_expire_at token[:access] = names.map do |name| - { type: type, name: name, actions: actions } + { + type: type, + name: name, + actions: actions, + meta: access_metadata(path: name) + }.compact end token.encoded @@ -75,6 +80,28 @@ module Auth Time.current + Gitlab::CurrentSettings.container_registry_token_expire_delay.minutes end + def self.access_metadata(project: nil, path: nil) + # If the project is not given, try to infer it from the provided path + if project.nil? + return if path.nil? # If no path is given, return early + return if path == 'import' # Ignore the special 'import' path + + # If the path ends with '/*', remove it so we can parse the actual repository path + path = path.chomp('/*') + + # Parse the repository project from the path + begin + project = ContainerRegistry::Path.new(path).repository_project + rescue ContainerRegistry::Path::InvalidRegistryPathError + # If the path is invalid, gracefully handle the error + return + end + end + + # Return the project path (lowercase) as metadata + { project_path: project&.full_path&.downcase } + end + private def authorized_token(*accesses) @@ -138,7 +165,12 @@ module Auth # ensure_container_repository!(path, authorized_actions) - { type: type, name: path.to_s, actions: authorized_actions } + { + type: type, + name: path.to_s, + actions: authorized_actions, + meta: self.class.access_metadata(project: requested_project) + } end def actively_importing?(actions, path) |