Skip to content
Snippets Groups Projects
Commit 4005eb64 authored by Grzegorz Bizon's avatar Grzegorz Bizon
Browse files

Fix communication between GitLab and Container Registry

parent 896b13b9
No related branches found
No related tags found
1 merge request!10109Multi-level container registry images
Pipeline #
Hide whitespace changes
Inline Side-by-side
app/models/container_image.rb
+ 15
8
View file @ 4005eb64
@@ -43,13 +43,20 @@ class ContainerImage < ActiveRecord::Base
@@ -43,13 +43,20 @@ class ContainerImage < ActiveRecord::Base
end end
end end
   
def self.from_path(full_path) def self.project_from_path(image_path)
return unless full_path.include?('/') return unless image_path.include?('/')
path = full_path[0...full_path.rindex('/')] ##
name = full_path[full_path.rindex('/')+1..-1] # Projects are always located inside a namespace, so we can remove
project = Project.find_by_full_path(path) # the last node, and see if project with that path exists.
#
self.new(name: name, path: path, project: project) truncated_path = image_path.slice(0...image_path.rindex('/'))
##
# We still make it possible to search projects by a full image path
# in order to maintain backwards compatibility.
#
Project.find_by_full_path(truncated_path) ||
Project.find_by_full_path(image_path)
end end
end end
app/services/auth/container_registry_authentication_service.rb
+ 9
8
View file @ 4005eb64
@@ -38,13 +38,13 @@ module Auth
@@ -38,13 +38,13 @@ module Auth
private private
   
def authorized_token(*accesses) def authorized_token(*accesses)
token = JSONWebToken::RSAToken.new(registry.key) JSONWebToken::RSAToken.new(registry.key).tap do |token|
token.issuer = registry.issuer token.issuer = registry.issuer
token.audience = params[:service] token.audience = params[:service]
token.subject = current_user.try(:username) token.subject = current_user.try(:username)
token.expire_time = self.class.token_expire_at token.expire_time = self.class.token_expire_at
token[:access] = accesses.compact token[:access] = accesses.compact
token end
end end
   
def scope def scope
@@ -62,7 +62,8 @@ module Auth
@@ -62,7 +62,8 @@ module Auth
end end
   
def process_repository_access(type, name, actions) def process_repository_access(type, name, actions)
requested_project = ContainerImage.from_path(name).project requested_project = ContainerImage.project_from_path(name)
return unless requested_project return unless requested_project
   
actions = actions.select do |action| actions = actions.select do |action|
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment