diff options
Diffstat (limited to 'app/services/auth/container_registry_authentication_service.rb')
-rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index a2683647c72..bc734465750 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -45,7 +45,12 @@ module Auth token.expire_time = token_expire_at token[:access] = names.map do |name| - { type: 'repository', name: name, actions: actions } + { + type: 'repository', + name: name, + actions: actions, + migration_eligible: migration_eligible(repository_path: name) + }.compact end token.encoded @@ -119,13 +124,20 @@ module Auth type: type, name: path.to_s, actions: authorized_actions, - migration_eligible: migration_eligible(requested_project, authorized_actions) + migration_eligible: self.class.migration_eligible(project: requested_project) }.compact end - def migration_eligible(project, actions) + def self.migration_eligible(project: nil, repository_path: nil) return unless Feature.enabled?(:container_registry_migration_phase1) + # project has precedence over repository_path. If only the latter is provided, we find the corresponding Project. + unless project + return unless repository_path + + project = ContainerRegistry::Path.new(repository_path).repository_project + end + # The migration process will start by allowing only specific test and gitlab-org projects using the # `container_registry_migration_phase1_allow` FF. We'll then move on to a percentage rollout using this same FF. # To remove the risk of impacting enterprise customers that rely heavily on the registry during the percentage |