Merge branch 'fix-docker-registry-integration' into 'master'

Fix docker registry integration See merge request !4229

Merge branch 'fix-docker-registry-integration' into 'master'
Fix docker registry integration See merge request !4229
c433b51d · Yorick Peterse · 8a0eeac3 · c433b51d · c433b51d · c433b51d
Commit c433b51d authored May 21, 2016 by Yorick Peterse
4 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,7 @@ v 8.8.0
  - Added inline diff styling for `change_title` system notes. (Adam Butler)
  - Project#open_branches has been cleaned up and no longer loads entire records into memory.
  - Escape HTML in commit titles in system note messages
+  - Fix scope used when accessing container registry
  - Fix creation of Ci::Commit object which can lead to pending, failed in some scenarios
  - Improve multiple branch push performance by memoizing permission checking
  - Log to application.log when an admin starts and stops impersonating a user

--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -20,7 +20,7 @@ module Auth
      token.issuer = registry.issuer
      token.audience = AUDIENCE
      token[:access] = names.map do |name|
-        { type: 'repository', name: name, actions: %w(pull push) }
+        { type: 'repository', name: name, actions: %w(*) }
      end
      token.encoded
    end

--- a/app/views/projects/container_registry/index.html.haml
+++ b/app/views/projects/container_registry/index.html.haml
@@ -4,7 +4,7 @@
 %hr

 %ul.content-list
-  .light.prepend-top-default
+  %li.light.prepend-top-default
    %p
      A 'container image' is a snapshot of a container.
      You can host your container images with GitLab.

--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -10,7 +10,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
  subject { described_class.new(current_project, current_user, current_params).execute }

  before do
-    stub_container_registry_config(enabled: true, issuer: 'rspec', key: nil)
+    allow(Gitlab.config.registry).to receive_messages(enabled: true, issuer: 'rspec', key: nil)
    allow_any_instance_of(JSONWebToken::RSAToken).to receive(:key).and_return(rsa_key)
  end

@@ -60,6 +60,17 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
    it { is_expected.to_not include(:token) }
  end

+  describe '#full_access_token' do
+    let(:project) { create(:empty_project) }
+    let(:token) { described_class.full_access_token(project.path_with_namespace) }
+
+    subject { { token: token } }
+
+    it_behaves_like 'a accessible' do
+      let(:actions) { ['*'] }
+    end
+  end
+
  context 'user authorization' do
    let(:project) { create(:project) }
    let(:current_user) { create(:user) }