Implemented star auth capabilities on docker registry to enable deletion of images
This commit is contained in:
parent
a210ddaa1b
commit
1cdc76f455
1 changed files with 28 additions and 6 deletions
|
@ -163,7 +163,9 @@ describe Auth::ContainerRegistryAuthenticationService do
|
|||
end
|
||||
|
||||
context 'disallow reporter to delete images' do
|
||||
before { project.team << [current_user, :reporter] }
|
||||
before do
|
||||
project.add_reporter(current_user)
|
||||
end
|
||||
|
||||
let(:current_params) do
|
||||
{ scope: "repository:#{project.path_with_namespace}:*" }
|
||||
|
@ -230,6 +232,14 @@ describe Auth::ContainerRegistryAuthenticationService do
|
|||
it_behaves_like 'not a container repository factory'
|
||||
end
|
||||
|
||||
context 'disallow anyone to delete images' do
|
||||
let(:current_params) do
|
||||
{ scope: "repository:#{project.path_with_namespace}:*" }
|
||||
end
|
||||
|
||||
it_behaves_like 'an inaccessible'
|
||||
end
|
||||
|
||||
context 'when repository name is invalid' do
|
||||
let(:current_params) do
|
||||
{ scope: 'repository:invalid:push' }
|
||||
|
@ -280,14 +290,26 @@ describe Auth::ContainerRegistryAuthenticationService do
|
|||
end
|
||||
|
||||
context 'for external user' do
|
||||
context 'disallow anyone to pull or push images' do
|
||||
let(:current_user) { create(:user, external: true) }
|
||||
let(:current_params) do
|
||||
{ scope: "repository:#{project.full_path}:pull,push,*" }
|
||||
{ scope: "repository:#{project.path_with_namespace}:pull,push" }
|
||||
end
|
||||
|
||||
it_behaves_like 'an inaccessible'
|
||||
it_behaves_like 'not a container repository factory'
|
||||
end
|
||||
|
||||
context 'disallow anyone to delete images' do
|
||||
let(:current_user) { create(:user, external: true) }
|
||||
let(:current_params) do
|
||||
{ scope: "repository:#{project.path_with_namespace}:*" }
|
||||
end
|
||||
|
||||
it_behaves_like 'an inaccessible'
|
||||
it_behaves_like 'not a container repository factory'
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in a new issue