Commit 5a02f28a authored by Yorick Peterse's avatar Yorick Peterse

Merge branch 'fix-docker-registry-integration' into 'master'

Fix docker registry integration

See merge request !4229
parents 024ddf6e c6411a78
...@@ -13,6 +13,7 @@ v 8.8.0 (unreleased) ...@@ -13,6 +13,7 @@ v 8.8.0 (unreleased)
- Added inline diff styling for `change_title` system notes. (Adam Butler) - Added inline diff styling for `change_title` system notes. (Adam Butler)
- Project#open_branches has been cleaned up and no longer loads entire records into memory. - Project#open_branches has been cleaned up and no longer loads entire records into memory.
- Escape HTML in commit titles in system note messages - Escape HTML in commit titles in system note messages
- Fix scope used when accessing container registry
- Fix creation of Ci::Commit object which can lead to pending, failed in some scenarios - Fix creation of Ci::Commit object which can lead to pending, failed in some scenarios
- Improve multiple branch push performance by memoizing permission checking - Improve multiple branch push performance by memoizing permission checking
- Log to application.log when an admin starts and stops impersonating a user - Log to application.log when an admin starts and stops impersonating a user
......
...@@ -20,7 +20,7 @@ module Auth ...@@ -20,7 +20,7 @@ module Auth
token.issuer = registry.issuer token.issuer = registry.issuer
token.audience = AUDIENCE token.audience = AUDIENCE
token[:access] = names.map do |name| token[:access] = names.map do |name|
{ type: 'repository', name: name, actions: %w(pull push) } { type: 'repository', name: name, actions: %w(*) }
end end
token.encoded token.encoded
end end
......
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
%hr %hr
%ul.content-list %ul.content-list
.light.prepend-top-default %li.light.prepend-top-default
%p %p
A 'container image' is a snapshot of a container. A 'container image' is a snapshot of a container.
You can host your container images with GitLab. You can host your container images with GitLab.
......
...@@ -10,7 +10,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do ...@@ -10,7 +10,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
subject { described_class.new(current_project, current_user, current_params).execute } subject { described_class.new(current_project, current_user, current_params).execute }
before do before do
stub_container_registry_config(enabled: true, issuer: 'rspec', key: nil) allow(Gitlab.config.registry).to receive_messages(enabled: true, issuer: 'rspec', key: nil)
allow_any_instance_of(JSONWebToken::RSAToken).to receive(:key).and_return(rsa_key) allow_any_instance_of(JSONWebToken::RSAToken).to receive(:key).and_return(rsa_key)
end end
...@@ -60,6 +60,17 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do ...@@ -60,6 +60,17 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
it { is_expected.to_not include(:token) } it { is_expected.to_not include(:token) }
end end
describe '#full_access_token' do
let(:project) { create(:empty_project) }
let(:token) { described_class.full_access_token(project.path_with_namespace) }
subject { { token: token } }
it_behaves_like 'a accessible' do
let(:actions) { ['*'] }
end
end
context 'user authorization' do context 'user authorization' do
let(:project) { create(:project) } let(:project) { create(:project) }
let(:current_user) { create(:user) } let(:current_user) { create(:user) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment