Remove out-of-scope changes for multi-level images
This commit is contained in:
parent
c64d36306c
commit
68a2fa54de
|
@ -29,12 +29,6 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
|
||||||
redirect_to :back
|
redirect_to :back
|
||||||
end
|
end
|
||||||
|
|
||||||
def reset_container_registry_token
|
|
||||||
@application_setting.reset_container_registry_access_token!
|
|
||||||
flash[:notice] = 'New container registry access token has been generated!'
|
|
||||||
redirect_to :back
|
|
||||||
end
|
|
||||||
|
|
||||||
def clear_repository_check_states
|
def clear_repository_check_states
|
||||||
RepositoryCheck::ClearWorker.perform_async
|
RepositoryCheck::ClearWorker.perform_async
|
||||||
|
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
class Admin::ContainerRegistryController < Admin::ApplicationController
|
|
||||||
def show
|
|
||||||
@access_token = container_registry_access_token
|
|
||||||
end
|
|
||||||
|
|
||||||
private
|
|
||||||
|
|
||||||
def container_registry_access_token
|
|
||||||
current_application_settings.container_registry_access_token
|
|
||||||
end
|
|
||||||
end
|
|
|
@ -4,7 +4,6 @@ class ApplicationSetting < ActiveRecord::Base
|
||||||
|
|
||||||
add_authentication_token_field :runners_registration_token
|
add_authentication_token_field :runners_registration_token
|
||||||
add_authentication_token_field :health_check_access_token
|
add_authentication_token_field :health_check_access_token
|
||||||
add_authentication_token_field :container_registry_access_token
|
|
||||||
|
|
||||||
CACHE_KEY = 'application_setting.last'.freeze
|
CACHE_KEY = 'application_setting.last'.freeze
|
||||||
DOMAIN_LIST_SEPARATOR = %r{\s*[,;]\s* # comma or semicolon, optionally surrounded by whitespace
|
DOMAIN_LIST_SEPARATOR = %r{\s*[,;]\s* # comma or semicolon, optionally surrounded by whitespace
|
||||||
|
@ -158,7 +157,6 @@ class ApplicationSetting < ActiveRecord::Base
|
||||||
|
|
||||||
before_save :ensure_runners_registration_token
|
before_save :ensure_runners_registration_token
|
||||||
before_save :ensure_health_check_access_token
|
before_save :ensure_health_check_access_token
|
||||||
before_save :ensure_container_registry_access_token
|
|
||||||
|
|
||||||
after_commit do
|
after_commit do
|
||||||
Rails.cache.write(CACHE_KEY, self)
|
Rails.cache.write(CACHE_KEY, self)
|
||||||
|
@ -332,10 +330,6 @@ class ApplicationSetting < ActiveRecord::Base
|
||||||
ensure_health_check_access_token!
|
ensure_health_check_access_token!
|
||||||
end
|
end
|
||||||
|
|
||||||
def container_registry_access_token
|
|
||||||
ensure_container_registry_access_token!
|
|
||||||
end
|
|
||||||
|
|
||||||
def sidekiq_throttling_enabled?
|
def sidekiq_throttling_enabled?
|
||||||
return false unless sidekiq_throttling_column_exists?
|
return false unless sidekiq_throttling_column_exists?
|
||||||
|
|
||||||
|
|
|
@ -1,31 +0,0 @@
|
||||||
- @no_container = true
|
|
||||||
= render "admin/dashboard/head"
|
|
||||||
|
|
||||||
%div{ class: container_class }
|
|
||||||
|
|
||||||
%p.prepend-top-default
|
|
||||||
%span
|
|
||||||
To properly configure the Container Registry you should add the following
|
|
||||||
access token to the Docker Registry config.yml as follows:
|
|
||||||
%pre
|
|
||||||
%code
|
|
||||||
:plain
|
|
||||||
notifications:
|
|
||||||
endpoints:
|
|
||||||
- ...
|
|
||||||
headers:
|
|
||||||
X-Registry-Token: [#{@access_token}]
|
|
||||||
%br
|
|
||||||
Access token is
|
|
||||||
%code{ id: 'registry-token' }= @access_token
|
|
||||||
|
|
||||||
.bs-callout.clearfix
|
|
||||||
.pull-left
|
|
||||||
%p
|
|
||||||
You can reset container registry access token by pressing the button below.
|
|
||||||
%p
|
|
||||||
= button_to reset_container_registry_token_admin_application_settings_path,
|
|
||||||
method: :put, class: 'btn btn-default',
|
|
||||||
data: { confirm: 'Are you sure you want to reset container registry token?' } do
|
|
||||||
= icon('refresh')
|
|
||||||
Reset container registry access token
|
|
|
@ -27,7 +27,3 @@
|
||||||
= link_to admin_runners_path, title: 'Runners' do
|
= link_to admin_runners_path, title: 'Runners' do
|
||||||
%span
|
%span
|
||||||
Runners
|
Runners
|
||||||
= nav_link path: 'container_registry#show' do
|
|
||||||
= link_to admin_container_registry_path, title: 'Registry' do
|
|
||||||
%span
|
|
||||||
Registry
|
|
||||||
|
|
|
@ -63,7 +63,6 @@ namespace :admin do
|
||||||
resource :background_jobs, controller: 'background_jobs', only: [:show]
|
resource :background_jobs, controller: 'background_jobs', only: [:show]
|
||||||
resource :system_info, controller: 'system_info', only: [:show]
|
resource :system_info, controller: 'system_info', only: [:show]
|
||||||
resources :requests_profiles, only: [:index, :show], param: :name, constraints: { name: /.+\.html/ }
|
resources :requests_profiles, only: [:index, :show], param: :name, constraints: { name: /.+\.html/ }
|
||||||
resource :container_registry, controller: 'container_registry', only: [:show]
|
|
||||||
|
|
||||||
resources :projects, only: [:index]
|
resources :projects, only: [:index]
|
||||||
|
|
||||||
|
@ -94,7 +93,6 @@ namespace :admin do
|
||||||
resources :services, only: [:index, :edit, :update]
|
resources :services, only: [:index, :edit, :update]
|
||||||
put :reset_runners_token
|
put :reset_runners_token
|
||||||
put :reset_health_check_token
|
put :reset_health_check_token
|
||||||
put :reset_container_registry_token
|
|
||||||
put :clear_repository_check_states
|
put :clear_repository_check_states
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
# See http://doc.gitlab.com/ce/development/migration_style_guide.html
|
|
||||||
# for more information on how to write migrations for GitLab.
|
|
||||||
|
|
||||||
class AddContainerRegistryAccessTokenToApplicationSettings < ActiveRecord::Migration
|
|
||||||
include Gitlab::Database::MigrationHelpers
|
|
||||||
|
|
||||||
# Set this constant to true if this migration requires downtime.
|
|
||||||
DOWNTIME = false
|
|
||||||
|
|
||||||
def change
|
|
||||||
add_column :application_settings, :container_registry_access_token, :string
|
|
||||||
end
|
|
||||||
end
|
|
|
@ -87,23 +87,6 @@ auth:
|
||||||
rootcertbundle: /root/certs/certbundle
|
rootcertbundle: /root/certs/certbundle
|
||||||
```
|
```
|
||||||
|
|
||||||
Also a notification endpoint must be configured with the token from
|
|
||||||
Admin Area -> Overview -> Registry (`/admin/container_registry`) like in the following sample:
|
|
||||||
|
|
||||||
```
|
|
||||||
notifications:
|
|
||||||
endpoints:
|
|
||||||
- name: listener
|
|
||||||
url: https://gitlab.example.com/api/v3/registry_events
|
|
||||||
headers:
|
|
||||||
X-Registry-Token: [57Cx95fc2zHFh93VTiGD]
|
|
||||||
timeout: 500ms
|
|
||||||
threshold: 5
|
|
||||||
backoff: 1s
|
|
||||||
```
|
|
||||||
|
|
||||||
Check the [Registry endpoint configuration][registry-endpoint] for details.
|
|
||||||
|
|
||||||
## Container Registry domain configuration
|
## Container Registry domain configuration
|
||||||
|
|
||||||
There are two ways you can configure the Registry's external domain.
|
There are two ways you can configure the Registry's external domain.
|
||||||
|
@ -600,7 +583,6 @@ notifications:
|
||||||
[storage-config]: https://docs.docker.com/registry/configuration/#storage
|
[storage-config]: https://docs.docker.com/registry/configuration/#storage
|
||||||
[registry-http-config]: https://docs.docker.com/registry/configuration/#http
|
[registry-http-config]: https://docs.docker.com/registry/configuration/#http
|
||||||
[registry-auth]: https://docs.docker.com/registry/configuration/#auth
|
[registry-auth]: https://docs.docker.com/registry/configuration/#auth
|
||||||
[registry-endpoint]: https://docs.docker.com/registry/notifications/#/configuration
|
|
||||||
[token-config]: https://docs.docker.com/registry/configuration/#token
|
[token-config]: https://docs.docker.com/registry/configuration/#token
|
||||||
[8-8-docs]: https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/doc/administration/container_registry.md
|
[8-8-docs]: https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/doc/administration/container_registry.md
|
||||||
[registry-ssl]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/registry-ssl
|
[registry-ssl]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/registry-ssl
|
||||||
|
|
|
@ -104,7 +104,6 @@ module API
|
||||||
mount ::API::Namespaces
|
mount ::API::Namespaces
|
||||||
mount ::API::Notes
|
mount ::API::Notes
|
||||||
mount ::API::NotificationSettings
|
mount ::API::NotificationSettings
|
||||||
mount ::API::RegistryEvents
|
|
||||||
mount ::API::Pipelines
|
mount ::API::Pipelines
|
||||||
mount ::API::ProjectHooks
|
mount ::API::ProjectHooks
|
||||||
mount ::API::Projects
|
mount ::API::Projects
|
||||||
|
|
|
@ -111,16 +111,6 @@ module API
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def authenticate_container_registry_access_token!
|
|
||||||
token = request.headers['X-Registry-Token']
|
|
||||||
unless token.present? && ActiveSupport::SecurityUtils.variable_size_secure_compare(
|
|
||||||
token,
|
|
||||||
current_application_settings.container_registry_access_token
|
|
||||||
)
|
|
||||||
unauthorized!
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def authenticated_as_admin!
|
def authenticated_as_admin!
|
||||||
authenticate!
|
authenticate!
|
||||||
forbidden! unless current_user.is_admin?
|
forbidden! unless current_user.is_admin?
|
||||||
|
|
|
@ -1,60 +0,0 @@
|
||||||
module API
|
|
||||||
# RegistryEvents API
|
|
||||||
class RegistryEvents < Grape::API
|
|
||||||
before { authenticate_container_registry_access_token! }
|
|
||||||
|
|
||||||
content_type :json, 'application/vnd.docker.distribution.events.v1+json'
|
|
||||||
|
|
||||||
params do
|
|
||||||
requires :events, type: Array, desc: 'The ID of a project' do
|
|
||||||
requires :id, type: String, desc: 'The ID of the event'
|
|
||||||
requires :timestamp, type: String, desc: 'Timestamp of the event'
|
|
||||||
requires :action, type: String, desc: 'Action performed by event'
|
|
||||||
requires :target, type: Hash, desc: 'Target of the event' do
|
|
||||||
optional :mediaType, type: String, desc: 'Media type of the target'
|
|
||||||
optional :size, type: Integer, desc: 'Size in bytes of the target'
|
|
||||||
requires :digest, type: String, desc: 'Digest of the target'
|
|
||||||
requires :repository, type: String, desc: 'Repository of target'
|
|
||||||
optional :url, type: String, desc: 'Url of the target'
|
|
||||||
optional :tag, type: String, desc: 'Tag of the target'
|
|
||||||
end
|
|
||||||
requires :request, type: Hash, desc: 'Request of the event' do
|
|
||||||
requires :id, type: String, desc: 'The ID of the request'
|
|
||||||
optional :addr, type: String, desc: 'IP Address of the request client'
|
|
||||||
optional :host, type: String, desc: 'Hostname of the registry instance'
|
|
||||||
requires :method, type: String, desc: 'Request method'
|
|
||||||
requires :useragent, type: String, desc: 'UserAgent header of the request'
|
|
||||||
end
|
|
||||||
requires :actor, type: Hash, desc: 'Actor that initiated the event' do
|
|
||||||
optional :name, type: String, desc: 'Actor name'
|
|
||||||
end
|
|
||||||
requires :source, type: Hash, desc: 'Source of the event' do
|
|
||||||
optional :addr, type: String, desc: 'Hostname of source registry node'
|
|
||||||
optional :instanceID, type: String, desc: 'Source registry node instanceID'
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
resource :registry_events do
|
|
||||||
post do
|
|
||||||
params['events'].each do |event|
|
|
||||||
repository = event['target']['repository']
|
|
||||||
|
|
||||||
if event['action'] == 'push' && !!event['target']['tag']
|
|
||||||
namespace, container_image_name = ContainerImage::split_namespace(repository)
|
|
||||||
project = Project::find_by_full_path(namespace)
|
|
||||||
|
|
||||||
if project
|
|
||||||
container_image = project.container_images.find_or_create_by(name: container_image_name, path: container_image_name)
|
|
||||||
|
|
||||||
unless container_image.valid?
|
|
||||||
render_api_error!({ error: "Failed to create container image!" }, 400)
|
|
||||||
end
|
|
||||||
else
|
|
||||||
not_found!('Project')
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
|
@ -1,7 +0,0 @@
|
||||||
## Road map
|
|
||||||
|
|
||||||
### Initial thoughts
|
|
||||||
|
|
||||||
- Determine if image names will be persisted or fetched from API
|
|
||||||
- If persisted, how to update the stored names upon modification
|
|
||||||
- If fetched, how to fetch only images of a given project
|
|
Loading…
Reference in New Issue