diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 3144e96ba31f74c67dbd2331f01baa36b4b30b53..f807b8ec09ac29cf39fcc24552c9519d919fe0ef 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -20,7 +20,7 @@ module Auth
       token.issuer = registry.issuer
       token.audience = AUDIENCE
       token[:access] = names.map do |name|
-        { type: 'repository', name: name, actions: %w(pull push) }
+        { type: 'repository', name: name, actions: %w(*) }
       end
       token.encoded
     end
diff --git a/app/views/projects/container_registry/index.html.haml b/app/views/projects/container_registry/index.html.haml
index 40957993b2276c7bbc7ce4274260e74fed049be0..e1e762410f28250abc9c8c010a594b549948486d 100644
--- a/app/views/projects/container_registry/index.html.haml
+++ b/app/views/projects/container_registry/index.html.haml
@@ -4,7 +4,7 @@
 %hr
 
 %ul.content-list
-  .light.prepend-top-default
+  %li.light.prepend-top-default
     %p
       A 'container image' is a snapshot of a container.
       You can host your container images with GitLab.
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb
index 6c9f56a4fba545d2de5d4d53e105d9e0d3361f2b..73b8c3f048fc40c1c885be0a1f675232ec1a799b 100644
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -10,7 +10,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
   subject { described_class.new(current_project, current_user, current_params).execute }
 
   before do
-    stub_container_registry_config(enabled: true, issuer: 'rspec', key: nil)
+    allow(Gitlab.config.registry).to receive_messages(enabled: true, issuer: 'rspec', key: nil)
     allow_any_instance_of(JSONWebToken::RSAToken).to receive(:key).and_return(rsa_key)
   end
 
@@ -60,6 +60,17 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
     it { is_expected.to_not include(:token) }
   end
 
+  describe '#full_access_token' do
+    let(:project) { create(:empty_project) }
+    let(:token) { described_class.full_access_token(project.path_with_namespace) }
+
+    subject { { token: token } }
+
+    it_behaves_like 'a accessible' do
+      let(:actions) { ['*'] }
+    end
+  end
+
   context 'user authorization' do
     let(:project) { create(:project) }
     let(:current_user) { create(:user) }