Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
eadee27a
Commit
eadee27a
authored
5 years ago
by
Peter Bábics
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add support for deleting images in registry 2.7
parent
5c59ff3d
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
94 additions
and
1 deletion
+94
-1
app/services/auth/container_registry_authentication_service.rb
...ervices/auth/container_registry_authentication_service.rb
+1
-1
spec/services/auth/container_registry_authentication_service_spec.rb
...es/auth/container_registry_authentication_service_spec.rb
+93
-0
No files found.
app/services/auth/container_registry_authentication_service.rb
View file @
eadee27a
...
...
@@ -116,7 +116,7 @@ module Auth
build_can_pull?
(
requested_project
)
||
user_can_pull?
(
requested_project
)
||
deploy_token_can_pull?
(
requested_project
)
when
'push'
build_can_push?
(
requested_project
)
||
user_can_push?
(
requested_project
)
when
'*'
when
'*'
,
'delete'
user_can_admin?
(
requested_project
)
else
false
...
...
This diff is collapsed.
Click to expand it.
spec/services/auth/container_registry_authentication_service_spec.rb
View file @
eadee27a
...
...
@@ -88,6 +88,12 @@ describe Auth::ContainerRegistryAuthenticationService do
end
end
shared_examples
'a deletable since registry 2.7'
do
it_behaves_like
'an accessible'
do
let
(
:actions
)
{
[
'delete'
]
}
end
end
shared_examples
'a pullable'
do
it_behaves_like
'an accessible'
do
let
(
:actions
)
{
[
'pull'
]
}
...
...
@@ -184,6 +190,19 @@ describe Auth::ContainerRegistryAuthenticationService do
it_behaves_like
'not a container repository factory'
end
context
'disallow developer to delete images since registry 2.7'
do
before
do
project
.
add_developer
(
current_user
)
end
let
(
:current_params
)
do
{
scopes:
[
"repository:
#{
project
.
full_path
}
:delete"
]
}
end
it_behaves_like
'an inaccessible'
it_behaves_like
'not a container repository factory'
end
context
'allow reporter to pull images'
do
before
do
project
.
add_reporter
(
current_user
)
...
...
@@ -212,6 +231,19 @@ describe Auth::ContainerRegistryAuthenticationService do
it_behaves_like
'not a container repository factory'
end
context
'disallow reporter to delete images since registry 2.7'
do
before
do
project
.
add_reporter
(
current_user
)
end
let
(
:current_params
)
do
{
scopes:
[
"repository:
#{
project
.
full_path
}
:delete"
]
}
end
it_behaves_like
'an inaccessible'
it_behaves_like
'not a container repository factory'
end
context
'return a least of privileges'
do
before
do
project
.
add_reporter
(
current_user
)
...
...
@@ -250,6 +282,19 @@ describe Auth::ContainerRegistryAuthenticationService do
it_behaves_like
'an inaccessible'
it_behaves_like
'not a container repository factory'
end
context
'disallow guest to delete images since regsitry 2.7'
do
before
do
project
.
add_guest
(
current_user
)
end
let
(
:current_params
)
do
{
scopes:
[
"repository:
#{
project
.
full_path
}
:delete"
]
}
end
it_behaves_like
'an inaccessible'
it_behaves_like
'not a container repository factory'
end
end
context
'for public project'
do
...
...
@@ -282,6 +327,15 @@ describe Auth::ContainerRegistryAuthenticationService do
it_behaves_like
'not a container repository factory'
end
context
'disallow anyone to delete images since registry 2.7'
do
let
(
:current_params
)
do
{
scopes:
[
"repository:
#{
project
.
full_path
}
:delete"
]
}
end
it_behaves_like
'an inaccessible'
it_behaves_like
'not a container repository factory'
end
context
'when repository name is invalid'
do
let
(
:current_params
)
do
{
scopes:
[
'repository:invalid:push'
]
}
...
...
@@ -322,6 +376,15 @@ describe Auth::ContainerRegistryAuthenticationService do
it_behaves_like
'an inaccessible'
it_behaves_like
'not a container repository factory'
end
context
'disallow anyone to delete images since registry 2.7'
do
let
(
:current_params
)
do
{
scopes:
[
"repository:
#{
project
.
full_path
}
:delete"
]
}
end
it_behaves_like
'an inaccessible'
it_behaves_like
'not a container repository factory'
end
end
context
'for external user'
do
...
...
@@ -344,6 +407,16 @@ describe Auth::ContainerRegistryAuthenticationService do
it_behaves_like
'an inaccessible'
it_behaves_like
'not a container repository factory'
end
context
'disallow anyone to delete images since registry 2.7'
do
let
(
:current_user
)
{
create
(
:user
,
external:
true
)
}
let
(
:current_params
)
do
{
scopes:
[
"repository:
#{
project
.
full_path
}
:delete"
]
}
end
it_behaves_like
'an inaccessible'
it_behaves_like
'not a container repository factory'
end
end
end
end
...
...
@@ -371,6 +444,16 @@ describe Auth::ContainerRegistryAuthenticationService do
let
(
:project
)
{
current_project
}
end
end
context
'allow to delete images since registry 2.7'
do
let
(
:current_params
)
do
{
scopes:
[
"repository:
#{
current_project
.
full_path
}
:delete"
]
}
end
it_behaves_like
'a deletable since registry 2.7'
do
let
(
:project
)
{
current_project
}
end
end
end
context
'build authorized as user'
do
...
...
@@ -419,6 +502,16 @@ describe Auth::ContainerRegistryAuthenticationService do
end
end
context
'disallow to delete images since registry 2.7'
do
let
(
:current_params
)
do
{
scopes:
[
"repository:
#{
current_project
.
full_path
}
:delete"
]
}
end
it_behaves_like
'an inaccessible'
do
let
(
:project
)
{
current_project
}
end
end
context
'for other projects'
do
context
'when pulling'
do
let
(
:current_params
)
do
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment