Commit 4005eb64 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Fix communication between GitLab and Container Registry

parent 896b13b9
......@@ -43,13 +43,20 @@ class ContainerImage < ActiveRecord::Base
end
end
def self.from_path(full_path)
return unless full_path.include?('/')
path = full_path[0...full_path.rindex('/')]
name = full_path[full_path.rindex('/')+1..-1]
project = Project.find_by_full_path(path)
self.new(name: name, path: path, project: project)
def self.project_from_path(image_path)
return unless image_path.include?('/')
##
# Projects are always located inside a namespace, so we can remove
# the last node, and see if project with that path exists.
#
truncated_path = image_path.slice(0...image_path.rindex('/'))
##
# We still make it possible to search projects by a full image path
# in order to maintain backwards compatibility.
#
Project.find_by_full_path(truncated_path) ||
Project.find_by_full_path(image_path)
end
end
......@@ -38,13 +38,13 @@ module Auth
private
def authorized_token(*accesses)
token = JSONWebToken::RSAToken.new(registry.key)
token.issuer = registry.issuer
token.audience = params[:service]
token.subject = current_user.try(:username)
token.expire_time = self.class.token_expire_at
token[:access] = accesses.compact
token
JSONWebToken::RSAToken.new(registry.key).tap do |token|
token.issuer = registry.issuer
token.audience = params[:service]
token.subject = current_user.try(:username)
token.expire_time = self.class.token_expire_at
token[:access] = accesses.compact
end
end
def scope
......@@ -62,7 +62,8 @@ module Auth
end
def process_repository_access(type, name, actions)
requested_project = ContainerImage.from_path(name).project
requested_project = ContainerImage.project_from_path(name)
return unless requested_project
actions = actions.select do |action|
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment