Commit 2a8920be authored by Sean McGivern's avatar Sean McGivern

Merge branch 'package-deploy-tokens-fe' into 'master'

Add new deploy token scopes to front end

See merge request gitlab-org/gitlab!31267
parents d261aa84 8dc41b75
...@@ -46,7 +46,7 @@ module Groups ...@@ -46,7 +46,7 @@ module Groups
end end
def deploy_token_params def deploy_token_params
params.require(:deploy_token).permit(:name, :expires_at, :read_repository, :read_registry, :write_registry, :username) params.require(:deploy_token).permit(:name, :expires_at, :read_repository, :read_registry, :write_registry, :read_package_registry, :write_package_registry, :username)
end end
end end
end end
......
...@@ -89,7 +89,7 @@ module Projects ...@@ -89,7 +89,7 @@ module Projects
end end
def deploy_token_params def deploy_token_params
params.require(:deploy_token).permit(:name, :expires_at, :read_repository, :read_registry, :write_registry, :username) params.require(:deploy_token).permit(:name, :expires_at, :read_repository, :read_registry, :write_registry, :read_package_registry, :write_package_registry, :username)
end end
def access_levels_options def access_levels_options
......
- breadcrumb_title _('Repository Settings') - breadcrumb_title _('Repository Settings')
- page_title _('Repository') - page_title _('Repository')
- deploy_token_description = s_('DeployTokens|Group deploy tokens allow read-only access to the repositories and registry images within the group.') - deploy_token_description = s_('DeployTokens|Group deploy tokens allow access to the packages, repositories, and registry images within the group.')
= render "shared/deploy_tokens/index", group_or_project: @group, description: deploy_token_description = render "shared/deploy_tokens/index", group_or_project: @group, description: deploy_token_description
- breadcrumb_title _("Repository Settings") - breadcrumb_title _("Repository Settings")
- page_title _("Repository") - page_title _("Repository")
- @content_class = "limit-container-width" unless fluid_layout - @content_class = "limit-container-width" unless fluid_layout
- deploy_token_description = s_('DeployTokens|Deploy tokens allow access to your repository and registry images.') - deploy_token_description = s_('DeployTokens|Deploy tokens allow access to packages, your repository, and registry images.')
= render "projects/default_branch/show" = render "projects/default_branch/show"
= render_if_exists "projects/push_rules/index" = render_if_exists "projects/push_rules/index"
......
...@@ -35,5 +35,15 @@ ...@@ -35,5 +35,15 @@
= label_tag ("deploy_token_write_registry"), 'write_registry', class: 'label-bold form-check-label' = label_tag ("deploy_token_write_registry"), 'write_registry', class: 'label-bold form-check-label'
.text-secondary= s_('DeployTokens|Allows write access to the registry images') .text-secondary= s_('DeployTokens|Allows write access to the registry images')
%fieldset.form-group.form-check
= f.check_box :read_package_registry, class: 'form-check-input'
= label_tag ("deploy_token_read_package_registry"), 'read_package_registry', class: 'label-bold form-check-label'
.text-secondary= s_('DeployTokens|Allows read access to the package registry')
%fieldset.form-group.form-check
= f.check_box :write_package_registry, class: 'form-check-input'
= label_tag ("deploy_token_write_package_registry"), 'write_package_registry', class: 'label-bold form-check-label'
.text-secondary= s_('DeployTokens|Allows write access to the package registry')
.prepend-top-default .prepend-top-default
= f.submit s_('DeployTokens|Create deploy token'), class: 'btn btn-success qa-create-deploy-token' = f.submit s_('DeployTokens|Create deploy token'), class: 'btn btn-success qa-create-deploy-token'
---
title: Add read and write package registry scopes to deploy tokens
merge_request: 31267
author:
type: added
...@@ -92,7 +92,7 @@ POST /projects/:id/deploy_tokens ...@@ -92,7 +92,7 @@ POST /projects/:id/deploy_tokens
| `name` | string | yes | New deploy token's name | | `name` | string | yes | New deploy token's name |
| `expires_at` | datetime | no | Expiration date for the deploy token. Does not expire if no value is provided. | | `expires_at` | datetime | no | Expiration date for the deploy token. Does not expire if no value is provided. |
| `username` | string | no | Username for deploy token. Default is `gitlab+deploy-token-{n}` | | `username` | string | no | Username for deploy token. Default is `gitlab+deploy-token-{n}` |
| `scopes` | array of strings | yes | Indicates the deploy token scopes. Must be at least one of `read_repository`, `read_registry`, or `write_registry`. | | `scopes` | array of strings | yes | Indicates the deploy token scopes. Must be at least one of `read_repository`, `read_registry`, `write_registry`, `read_package_registry`, or `write_package_registry`. |
```shell ```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" --header "Content-Type: application/json" --data '{"name": "My deploy token", "expires_at": "2021-01-01", "username": "custom-user", "scopes": ["read_repository"]}' "https://gitlab.example.com/api/v4/projects/5/deploy_tokens/" curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" --header "Content-Type: application/json" --data '{"name": "My deploy token", "expires_at": "2021-01-01", "username": "custom-user", "scopes": ["read_repository"]}' "https://gitlab.example.com/api/v4/projects/5/deploy_tokens/"
...@@ -193,7 +193,7 @@ POST /groups/:id/deploy_tokens ...@@ -193,7 +193,7 @@ POST /groups/:id/deploy_tokens
| `name` | string | yes | New deploy token's name | | `name` | string | yes | New deploy token's name |
| `expires_at` | datetime | no | Expiration date for the deploy token. Does not expire if no value is provided. | | `expires_at` | datetime | no | Expiration date for the deploy token. Does not expire if no value is provided. |
| `username` | string | no | Username for deploy token. Default is `gitlab+deploy-token-{n}` | | `username` | string | no | Username for deploy token. Default is `gitlab+deploy-token-{n}` |
| `scopes` | array of strings | yes | Indicates the deploy token scopes. Must be at least one of `read_repository`, `read_registry`, or `write_registry`. | | `scopes` | array of strings | yes | Indicates the deploy token scopes. Must be at least one of `read_repository`, `read_registry`, `write_registry`, `read_package_registry`, or `write_package_registry`. |
Example request: Example request:
......
...@@ -4,8 +4,9 @@ ...@@ -4,8 +4,9 @@
> - [Moved](https://gitlab.com/gitlab-org/gitlab/issues/199370) from **Settings > Repository** in GitLab 12.9. > - [Moved](https://gitlab.com/gitlab-org/gitlab/issues/199370) from **Settings > Repository** in GitLab 12.9.
> - [Added `write_registry` scope](https://gitlab.com/gitlab-org/gitlab/-/issues/22743) in GitLab 12.10. > - [Added `write_registry` scope](https://gitlab.com/gitlab-org/gitlab/-/issues/22743) in GitLab 12.10.
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29280) from **Settings > CI / CD** in GitLab 12.10.1. > - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29280) from **Settings > CI / CD** in GitLab 12.10.1.
> - [Added package registry scopes](https://gitlab.com/gitlab-org/gitlab/-/issues/213566) from **Settings > CI / CD** in GitLab 13.0.
Deploy tokens allow you to download (`git clone`) or push and pull the container registry images of a project without having a user and a password. Deploy tokens allow you to download (`git clone`) or push and pull packages and container registry images of a project without having a user and a password.
Deploy tokens can be managed by [maintainers only](../../permissions.md). Deploy tokens can be managed by [maintainers only](../../permissions.md).
...@@ -101,6 +102,22 @@ To push the container registry images, you'll need to: ...@@ -101,6 +102,22 @@ To push the container registry images, you'll need to:
Just replace `<username>` and `<deploy_token>` with the proper values. Then you can simply Just replace `<username>` and `<deploy_token>` with the proper values. Then you can simply
push images to your Container Registry. push images to your Container Registry.
### Read or pull packages
To pull packages in the GitLab package registry, you'll need to:
1. Create a Deploy Token with `read_package_registry` as a scope.
1. Take note of your `username` and `token`.
1. For the [package type of your choice](./../../packages/index.md), follow the authentication instructions for deploy tokens.
### Push or upload packages
To upload packages in the GitLab package registry, you'll need to:
1. Create a Deploy Token with `write_package_registry` as a scope.
1. Take note of your `username` and `token`.
1. For the [package type of your choice](./../../packages/index.md), follow the authentication instructions for deploy tokens.
### Group Deploy Token ### Group Deploy Token
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/21765) in GitLab 12.9. > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/21765) in GitLab 12.9.
......
...@@ -11,6 +11,8 @@ module API ...@@ -11,6 +11,8 @@ module API
result_hash = Hashie::Mash.new result_hash = Hashie::Mash.new
result_hash[:read_registry] = scopes.include?('read_registry') result_hash[:read_registry] = scopes.include?('read_registry')
result_hash[:write_registry] = scopes.include?('write_registry') result_hash[:write_registry] = scopes.include?('write_registry')
result_hash[:read_package_registry] = scopes.include?('read_package_registry')
result_hash[:write_package_registry] = scopes.include?('write_package_registry')
result_hash[:read_repository] = scopes.include?('read_repository') result_hash[:read_repository] = scopes.include?('read_repository')
result_hash result_hash
end end
...@@ -55,7 +57,7 @@ module API ...@@ -55,7 +57,7 @@ module API
params do params do
requires :name, type: String, desc: "New deploy token's name" requires :name, type: String, desc: "New deploy token's name"
requires :scopes, type: Array[String], values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s), requires :scopes, type: Array[String], values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s),
desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", or "write_registry".' desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".'
optional :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.' optional :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.'
optional :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`' optional :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`'
end end
...@@ -118,7 +120,7 @@ module API ...@@ -118,7 +120,7 @@ module API
params do params do
requires :name, type: String, desc: 'The name of the deploy token' requires :name, type: String, desc: 'The name of the deploy token'
requires :scopes, type: Array[String], values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s), requires :scopes, type: Array[String], values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s),
desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", or "write_registry".' desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".'
optional :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.' optional :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.'
optional :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`' optional :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`'
end end
......
...@@ -7128,12 +7128,18 @@ msgstr "" ...@@ -7128,12 +7128,18 @@ msgstr ""
msgid "DeployTokens|Add a deploy token" msgid "DeployTokens|Add a deploy token"
msgstr "" msgstr ""
msgid "DeployTokens|Allows read access to the package registry"
msgstr ""
msgid "DeployTokens|Allows read-only access to the registry images" msgid "DeployTokens|Allows read-only access to the registry images"
msgstr "" msgstr ""
msgid "DeployTokens|Allows read-only access to the repository" msgid "DeployTokens|Allows read-only access to the repository"
msgstr "" msgstr ""
msgid "DeployTokens|Allows write access to the package registry"
msgstr ""
msgid "DeployTokens|Allows write access to the registry images" msgid "DeployTokens|Allows write access to the registry images"
msgstr "" msgstr ""
...@@ -7155,13 +7161,13 @@ msgstr "" ...@@ -7155,13 +7161,13 @@ msgstr ""
msgid "DeployTokens|Deploy Tokens" msgid "DeployTokens|Deploy Tokens"
msgstr "" msgstr ""
msgid "DeployTokens|Deploy tokens allow access to your repository and registry images." msgid "DeployTokens|Deploy tokens allow access to packages, your repository, and registry images."
msgstr "" msgstr ""
msgid "DeployTokens|Expires" msgid "DeployTokens|Expires"
msgstr "" msgstr ""
msgid "DeployTokens|Group deploy tokens allow read-only access to the repositories and registry images within the group." msgid "DeployTokens|Group deploy tokens allow access to the packages, repositories, and registry images within the group."
msgstr "" msgstr ""
msgid "DeployTokens|Name" msgid "DeployTokens|Name"
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment