diff options
| author | Peter Bábics <peter.ntx@gmail.com> | 2019-03-07 12:14:54 +0100 |
|---|---|---|
| committer | Peter Bábics <peter.ntx@gmail.com> | 2019-03-18 23:04:29 +0100 |
| commit | eadee27a3f9753d446a7e29c1a24eb773443f1d7 (patch) | |
| tree | a3693544a74284d47e8f767788e91568327526b7 /spec/services/auth | |
| parent | 5c59ff3df2c50696cbffffe38a82c8767d3e2a88 (diff) | |
| download | gitlab-ce-eadee27a3f9753d446a7e29c1a24eb773443f1d7.tar.gz | |
Add support for deleting images in registry 2.7
Diffstat (limited to 'spec/services/auth')
| -rw-r--r-- | spec/services/auth/container_registry_authentication_service_spec.rb | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb index 8021bd338e0..c9d85e96750 100644 --- a/spec/services/auth/container_registry_authentication_service_spec.rb +++ b/spec/services/auth/container_registry_authentication_service_spec.rb @@ -88,6 +88,12 @@ describe Auth::ContainerRegistryAuthenticationService do end end + shared_examples 'a deletable since registry 2.7' do + it_behaves_like 'an accessible' do + let(:actions) { ['delete'] } + end + end + shared_examples 'a pullable' do it_behaves_like 'an accessible' do let(:actions) { ['pull'] } @@ -184,6 +190,19 @@ describe Auth::ContainerRegistryAuthenticationService do it_behaves_like 'not a container repository factory' end + context 'disallow developer to delete images since registry 2.7' do + before do + project.add_developer(current_user) + end + + let(:current_params) do + { scopes: ["repository:#{project.full_path}:delete"] } + end + + it_behaves_like 'an inaccessible' + it_behaves_like 'not a container repository factory' + end + context 'allow reporter to pull images' do before do project.add_reporter(current_user) @@ -212,6 +231,19 @@ describe Auth::ContainerRegistryAuthenticationService do it_behaves_like 'not a container repository factory' end + context 'disallow reporter to delete images since registry 2.7' do + before do + project.add_reporter(current_user) + end + + let(:current_params) do + { scopes: ["repository:#{project.full_path}:delete"] } + end + + it_behaves_like 'an inaccessible' + it_behaves_like 'not a container repository factory' + end + context 'return a least of privileges' do before do project.add_reporter(current_user) @@ -250,6 +282,19 @@ describe Auth::ContainerRegistryAuthenticationService do it_behaves_like 'an inaccessible' it_behaves_like 'not a container repository factory' end + + context 'disallow guest to delete images since regsitry 2.7' do + before do + project.add_guest(current_user) + end + + let(:current_params) do + { scopes: ["repository:#{project.full_path}:delete"] } + end + + it_behaves_like 'an inaccessible' + it_behaves_like 'not a container repository factory' + end end context 'for public project' do @@ -282,6 +327,15 @@ describe Auth::ContainerRegistryAuthenticationService do it_behaves_like 'not a container repository factory' end + context 'disallow anyone to delete images since registry 2.7' do + let(:current_params) do + { scopes: ["repository:#{project.full_path}:delete"] } + end + + it_behaves_like 'an inaccessible' + it_behaves_like 'not a container repository factory' + end + context 'when repository name is invalid' do let(:current_params) do { scopes: ['repository:invalid:push'] } @@ -322,6 +376,15 @@ describe Auth::ContainerRegistryAuthenticationService do it_behaves_like 'an inaccessible' it_behaves_like 'not a container repository factory' end + + context 'disallow anyone to delete images since registry 2.7' do + let(:current_params) do + { scopes: ["repository:#{project.full_path}:delete"] } + end + + it_behaves_like 'an inaccessible' + it_behaves_like 'not a container repository factory' + end end context 'for external user' do @@ -344,6 +407,16 @@ describe Auth::ContainerRegistryAuthenticationService do it_behaves_like 'an inaccessible' it_behaves_like 'not a container repository factory' end + + context 'disallow anyone to delete images since registry 2.7' do + let(:current_user) { create(:user, external: true) } + let(:current_params) do + { scopes: ["repository:#{project.full_path}:delete"] } + end + + it_behaves_like 'an inaccessible' + it_behaves_like 'not a container repository factory' + end end end end @@ -371,6 +444,16 @@ describe Auth::ContainerRegistryAuthenticationService do let(:project) { current_project } end end + + context 'allow to delete images since registry 2.7' do + let(:current_params) do + { scopes: ["repository:#{current_project.full_path}:delete"] } + end + + it_behaves_like 'a deletable since registry 2.7' do + let(:project) { current_project } + end + end end context 'build authorized as user' do @@ -419,6 +502,16 @@ describe Auth::ContainerRegistryAuthenticationService do end end + context 'disallow to delete images since registry 2.7' do + let(:current_params) do + { scopes: ["repository:#{current_project.full_path}:delete"] } + end + + it_behaves_like 'an inaccessible' do + let(:project) { current_project } + end + end + context 'for other projects' do context 'when pulling' do let(:current_params) do |