diff options
author | Maxime Visonneau <maxime.visonneau@gmail.com> | 2017-05-23 23:45:01 +0200 |
---|---|---|
committer | Lin Jen-Shin <godfat@godfat.org> | 2017-08-02 17:09:54 +0800 |
commit | 1cdc76f4559ff6d1ee0a1e6f277923094bff6f6c (patch) | |
tree | 09dbe6e4a0dfd31b26f6d4eb67ef0c0bef8103fa /spec/services | |
parent | a210ddaa1bee5222320108a654e52f4f4c26df05 (diff) | |
download | gitlab-ce-1cdc76f4559ff6d1ee0a1e6f277923094bff6f6c.tar.gz |
Implemented star auth capabilities on docker registry to enable deletion of images
Diffstat (limited to 'spec/services')
-rw-r--r-- | spec/services/auth/container_registry_authentication_service_spec.rb | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb index 7f704629bfa..a19ac911315 100644 --- a/spec/services/auth/container_registry_authentication_service_spec.rb +++ b/spec/services/auth/container_registry_authentication_service_spec.rb @@ -163,7 +163,9 @@ describe Auth::ContainerRegistryAuthenticationService do end context 'disallow reporter to delete images' do - before { project.team << [current_user, :reporter] } + before do + project.add_reporter(current_user) + end let(:current_params) do { scope: "repository:#{project.path_with_namespace}:*" } @@ -230,6 +232,14 @@ describe Auth::ContainerRegistryAuthenticationService do it_behaves_like 'not a container repository factory' end + context 'disallow anyone to delete images' do + let(:current_params) do + { scope: "repository:#{project.path_with_namespace}:*" } + end + + it_behaves_like 'an inaccessible' + end + context 'when repository name is invalid' do let(:current_params) do { scope: 'repository:invalid:push' } @@ -280,13 +290,25 @@ describe Auth::ContainerRegistryAuthenticationService do end context 'for external user' do - let(:current_user) { create(:user, external: true) } - let(:current_params) do - { scope: "repository:#{project.full_path}:pull,push,*" } + context 'disallow anyone to pull or push images' do + let(:current_user) { create(:user, external: true) } + let(:current_params) do + { scope: "repository:#{project.path_with_namespace}:pull,push" } + end + + it_behaves_like 'an inaccessible' + it_behaves_like 'not a container repository factory' end - it_behaves_like 'an inaccessible' - it_behaves_like 'not a container repository factory' + context 'disallow anyone to delete images' do + let(:current_user) { create(:user, external: true) } + let(:current_params) do + { scope: "repository:#{project.path_with_namespace}:*" } + end + + it_behaves_like 'an inaccessible' + it_behaves_like 'not a container repository factory' + end end end end |