kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Implemented star auth capabilities on docker registry to enable deletion of images

Browse source
This commit is contained in:
Maxime Visonneau 2017-05-23 23:45:01 +02:00 committed by Lin Jen-Shin
parent a210ddaa1b
commit 1cdc76f455
1 changed files with 28 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
spec/services/auth/container_registry_authentication_service_spec.rb
View file

@ -163,7 +163,9 @@ describe Auth::ContainerRegistryAuthenticationService do
end end
context 'disallow reporter to delete images' do context 'disallow reporter to delete images' do
before { project.team << [current_user, :reporter] } before do
project.add_reporter(current_user)
end
let(:current_params) do let(:current_params) do
{ scope: "repository:#{project.path_with_namespace}:*" } { scope: "repository:#{project.path_with_namespace}:*" }
@ -230,6 +232,14 @@ describe Auth::ContainerRegistryAuthenticationService do
it_behaves_like 'not a container repository factory' it_behaves_like 'not a container repository factory'
end end
context 'disallow anyone to delete images' do
let(:current_params) do
{ scope: "repository:#{project.path_with_namespace}:*" }
end
it_behaves_like 'an inaccessible'
end
context 'when repository name is invalid' do context 'when repository name is invalid' do
let(:current_params) do let(:current_params) do
{ scope: 'repository:invalid:push' } { scope: 'repository:invalid:push' }
@ -280,13 +290,25 @@ describe Auth::ContainerRegistryAuthenticationService do
end end
context 'for external user' do context 'for external user' do
let(:current_user) { create(:user, external: true) } context 'disallow anyone to pull or push images' do
let(:current_params) do let(:current_user) { create(:user, external: true) }
{ scope: "repository:#{project.full_path}:pull,push,*" } let(:current_params) do
{ scope: "repository:#{project.path_with_namespace}:pull,push" }
end
it_behaves_like 'an inaccessible'
it_behaves_like 'not a container repository factory'
end end
it_behaves_like 'an inaccessible' context 'disallow anyone to delete images' do
it_behaves_like 'not a container repository factory' let(:current_user) { create(:user, external: true) }
let(:current_params) do
{ scope: "repository:#{project.path_with_namespace}:*" }
end
it_behaves_like 'an inaccessible'
it_behaves_like 'not a container repository factory'
end
end end
end end
end end