summaryrefslogtreecommitdiff
path: root/spec/services
diff options
context:
space:
mode:
authorMaxime Visonneau <maxime.visonneau@gmail.com>2017-05-23 23:45:01 +0200
committerLin Jen-Shin <godfat@godfat.org>2017-08-02 17:09:54 +0800
commit1cdc76f4559ff6d1ee0a1e6f277923094bff6f6c (patch)
tree09dbe6e4a0dfd31b26f6d4eb67ef0c0bef8103fa /spec/services
parenta210ddaa1bee5222320108a654e52f4f4c26df05 (diff)
downloadgitlab-ce-1cdc76f4559ff6d1ee0a1e6f277923094bff6f6c.tar.gz
Implemented star auth capabilities on docker registry to enable deletion of images
Diffstat (limited to 'spec/services')
-rw-r--r--spec/services/auth/container_registry_authentication_service_spec.rb34
1 files changed, 28 insertions, 6 deletions
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb
index 7f704629bfa..a19ac911315 100644
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -163,7 +163,9 @@ describe Auth::ContainerRegistryAuthenticationService do
end
context 'disallow reporter to delete images' do
- before { project.team << [current_user, :reporter] }
+ before do
+ project.add_reporter(current_user)
+ end
let(:current_params) do
{ scope: "repository:#{project.path_with_namespace}:*" }
@@ -230,6 +232,14 @@ describe Auth::ContainerRegistryAuthenticationService do
it_behaves_like 'not a container repository factory'
end
+ context 'disallow anyone to delete images' do
+ let(:current_params) do
+ { scope: "repository:#{project.path_with_namespace}:*" }
+ end
+
+ it_behaves_like 'an inaccessible'
+ end
+
context 'when repository name is invalid' do
let(:current_params) do
{ scope: 'repository:invalid:push' }
@@ -280,13 +290,25 @@ describe Auth::ContainerRegistryAuthenticationService do
end
context 'for external user' do
- let(:current_user) { create(:user, external: true) }
- let(:current_params) do
- { scope: "repository:#{project.full_path}:pull,push,*" }
+ context 'disallow anyone to pull or push images' do
+ let(:current_user) { create(:user, external: true) }
+ let(:current_params) do
+ { scope: "repository:#{project.path_with_namespace}:pull,push" }
+ end
+
+ it_behaves_like 'an inaccessible'
+ it_behaves_like 'not a container repository factory'
end
- it_behaves_like 'an inaccessible'
- it_behaves_like 'not a container repository factory'
+ context 'disallow anyone to delete images' do
+ let(:current_user) { create(:user, external: true) }
+ let(:current_params) do
+ { scope: "repository:#{project.path_with_namespace}:*" }
+ end
+
+ it_behaves_like 'an inaccessible'
+ it_behaves_like 'not a container repository factory'
+ end
end
end
end