Remove out-of-scope changes for multi-level images
This commit is contained in:
parent
c64d36306c
commit
68a2fa54de
|
@ -29,12 +29,6 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
|
|||
redirect_to :back
|
||||
end
|
||||
|
||||
def reset_container_registry_token
|
||||
@application_setting.reset_container_registry_access_token!
|
||||
flash[:notice] = 'New container registry access token has been generated!'
|
||||
redirect_to :back
|
||||
end
|
||||
|
||||
def clear_repository_check_states
|
||||
RepositoryCheck::ClearWorker.perform_async
|
||||
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
class Admin::ContainerRegistryController < Admin::ApplicationController
|
||||
def show
|
||||
@access_token = container_registry_access_token
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def container_registry_access_token
|
||||
current_application_settings.container_registry_access_token
|
||||
end
|
||||
end
|
|
@ -4,7 +4,6 @@ class ApplicationSetting < ActiveRecord::Base
|
|||
|
||||
add_authentication_token_field :runners_registration_token
|
||||
add_authentication_token_field :health_check_access_token
|
||||
add_authentication_token_field :container_registry_access_token
|
||||
|
||||
CACHE_KEY = 'application_setting.last'.freeze
|
||||
DOMAIN_LIST_SEPARATOR = %r{\s*[,;]\s* # comma or semicolon, optionally surrounded by whitespace
|
||||
|
@ -158,7 +157,6 @@ class ApplicationSetting < ActiveRecord::Base
|
|||
|
||||
before_save :ensure_runners_registration_token
|
||||
before_save :ensure_health_check_access_token
|
||||
before_save :ensure_container_registry_access_token
|
||||
|
||||
after_commit do
|
||||
Rails.cache.write(CACHE_KEY, self)
|
||||
|
@ -332,10 +330,6 @@ class ApplicationSetting < ActiveRecord::Base
|
|||
ensure_health_check_access_token!
|
||||
end
|
||||
|
||||
def container_registry_access_token
|
||||
ensure_container_registry_access_token!
|
||||
end
|
||||
|
||||
def sidekiq_throttling_enabled?
|
||||
return false unless sidekiq_throttling_column_exists?
|
||||
|
||||
|
|
|
@ -1,31 +0,0 @@
|
|||
- @no_container = true
|
||||
= render "admin/dashboard/head"
|
||||
|
||||
%div{ class: container_class }
|
||||
|
||||
%p.prepend-top-default
|
||||
%span
|
||||
To properly configure the Container Registry you should add the following
|
||||
access token to the Docker Registry config.yml as follows:
|
||||
%pre
|
||||
%code
|
||||
:plain
|
||||
notifications:
|
||||
endpoints:
|
||||
- ...
|
||||
headers:
|
||||
X-Registry-Token: [#{@access_token}]
|
||||
%br
|
||||
Access token is
|
||||
%code{ id: 'registry-token' }= @access_token
|
||||
|
||||
.bs-callout.clearfix
|
||||
.pull-left
|
||||
%p
|
||||
You can reset container registry access token by pressing the button below.
|
||||
%p
|
||||
= button_to reset_container_registry_token_admin_application_settings_path,
|
||||
method: :put, class: 'btn btn-default',
|
||||
data: { confirm: 'Are you sure you want to reset container registry token?' } do
|
||||
= icon('refresh')
|
||||
Reset container registry access token
|
|
@ -27,7 +27,3 @@
|
|||
= link_to admin_runners_path, title: 'Runners' do
|
||||
%span
|
||||
Runners
|
||||
= nav_link path: 'container_registry#show' do
|
||||
= link_to admin_container_registry_path, title: 'Registry' do
|
||||
%span
|
||||
Registry
|
||||
|
|
|
@ -63,7 +63,6 @@ namespace :admin do
|
|||
resource :background_jobs, controller: 'background_jobs', only: [:show]
|
||||
resource :system_info, controller: 'system_info', only: [:show]
|
||||
resources :requests_profiles, only: [:index, :show], param: :name, constraints: { name: /.+\.html/ }
|
||||
resource :container_registry, controller: 'container_registry', only: [:show]
|
||||
|
||||
resources :projects, only: [:index]
|
||||
|
||||
|
@ -94,7 +93,6 @@ namespace :admin do
|
|||
resources :services, only: [:index, :edit, :update]
|
||||
put :reset_runners_token
|
||||
put :reset_health_check_token
|
||||
put :reset_container_registry_token
|
||||
put :clear_repository_check_states
|
||||
end
|
||||
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
# See http://doc.gitlab.com/ce/development/migration_style_guide.html
|
||||
# for more information on how to write migrations for GitLab.
|
||||
|
||||
class AddContainerRegistryAccessTokenToApplicationSettings < ActiveRecord::Migration
|
||||
include Gitlab::Database::MigrationHelpers
|
||||
|
||||
# Set this constant to true if this migration requires downtime.
|
||||
DOWNTIME = false
|
||||
|
||||
def change
|
||||
add_column :application_settings, :container_registry_access_token, :string
|
||||
end
|
||||
end
|
|
@ -87,23 +87,6 @@ auth:
|
|||
rootcertbundle: /root/certs/certbundle
|
||||
```
|
||||
|
||||
Also a notification endpoint must be configured with the token from
|
||||
Admin Area -> Overview -> Registry (`/admin/container_registry`) like in the following sample:
|
||||
|
||||
```
|
||||
notifications:
|
||||
endpoints:
|
||||
- name: listener
|
||||
url: https://gitlab.example.com/api/v3/registry_events
|
||||
headers:
|
||||
X-Registry-Token: [57Cx95fc2zHFh93VTiGD]
|
||||
timeout: 500ms
|
||||
threshold: 5
|
||||
backoff: 1s
|
||||
```
|
||||
|
||||
Check the [Registry endpoint configuration][registry-endpoint] for details.
|
||||
|
||||
## Container Registry domain configuration
|
||||
|
||||
There are two ways you can configure the Registry's external domain.
|
||||
|
@ -600,7 +583,6 @@ notifications:
|
|||
[storage-config]: https://docs.docker.com/registry/configuration/#storage
|
||||
[registry-http-config]: https://docs.docker.com/registry/configuration/#http
|
||||
[registry-auth]: https://docs.docker.com/registry/configuration/#auth
|
||||
[registry-endpoint]: https://docs.docker.com/registry/notifications/#/configuration
|
||||
[token-config]: https://docs.docker.com/registry/configuration/#token
|
||||
[8-8-docs]: https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/doc/administration/container_registry.md
|
||||
[registry-ssl]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/registry-ssl
|
||||
|
|
|
@ -104,7 +104,6 @@ module API
|
|||
mount ::API::Namespaces
|
||||
mount ::API::Notes
|
||||
mount ::API::NotificationSettings
|
||||
mount ::API::RegistryEvents
|
||||
mount ::API::Pipelines
|
||||
mount ::API::ProjectHooks
|
||||
mount ::API::Projects
|
||||
|
|
|
@ -111,16 +111,6 @@ module API
|
|||
end
|
||||
end
|
||||
|
||||
def authenticate_container_registry_access_token!
|
||||
token = request.headers['X-Registry-Token']
|
||||
unless token.present? && ActiveSupport::SecurityUtils.variable_size_secure_compare(
|
||||
token,
|
||||
current_application_settings.container_registry_access_token
|
||||
)
|
||||
unauthorized!
|
||||
end
|
||||
end
|
||||
|
||||
def authenticated_as_admin!
|
||||
authenticate!
|
||||
forbidden! unless current_user.is_admin?
|
||||
|
|
|
@ -1,60 +0,0 @@
|
|||
module API
|
||||
# RegistryEvents API
|
||||
class RegistryEvents < Grape::API
|
||||
before { authenticate_container_registry_access_token! }
|
||||
|
||||
content_type :json, 'application/vnd.docker.distribution.events.v1+json'
|
||||
|
||||
params do
|
||||
requires :events, type: Array, desc: 'The ID of a project' do
|
||||
requires :id, type: String, desc: 'The ID of the event'
|
||||
requires :timestamp, type: String, desc: 'Timestamp of the event'
|
||||
requires :action, type: String, desc: 'Action performed by event'
|
||||
requires :target, type: Hash, desc: 'Target of the event' do
|
||||
optional :mediaType, type: String, desc: 'Media type of the target'
|
||||
optional :size, type: Integer, desc: 'Size in bytes of the target'
|
||||
requires :digest, type: String, desc: 'Digest of the target'
|
||||
requires :repository, type: String, desc: 'Repository of target'
|
||||
optional :url, type: String, desc: 'Url of the target'
|
||||
optional :tag, type: String, desc: 'Tag of the target'
|
||||
end
|
||||
requires :request, type: Hash, desc: 'Request of the event' do
|
||||
requires :id, type: String, desc: 'The ID of the request'
|
||||
optional :addr, type: String, desc: 'IP Address of the request client'
|
||||
optional :host, type: String, desc: 'Hostname of the registry instance'
|
||||
requires :method, type: String, desc: 'Request method'
|
||||
requires :useragent, type: String, desc: 'UserAgent header of the request'
|
||||
end
|
||||
requires :actor, type: Hash, desc: 'Actor that initiated the event' do
|
||||
optional :name, type: String, desc: 'Actor name'
|
||||
end
|
||||
requires :source, type: Hash, desc: 'Source of the event' do
|
||||
optional :addr, type: String, desc: 'Hostname of source registry node'
|
||||
optional :instanceID, type: String, desc: 'Source registry node instanceID'
|
||||
end
|
||||
end
|
||||
end
|
||||
resource :registry_events do
|
||||
post do
|
||||
params['events'].each do |event|
|
||||
repository = event['target']['repository']
|
||||
|
||||
if event['action'] == 'push' && !!event['target']['tag']
|
||||
namespace, container_image_name = ContainerImage::split_namespace(repository)
|
||||
project = Project::find_by_full_path(namespace)
|
||||
|
||||
if project
|
||||
container_image = project.container_images.find_or_create_by(name: container_image_name, path: container_image_name)
|
||||
|
||||
unless container_image.valid?
|
||||
render_api_error!({ error: "Failed to create container image!" }, 400)
|
||||
end
|
||||
else
|
||||
not_found!('Project')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,7 +0,0 @@
|
|||
## Road map
|
||||
|
||||
### Initial thoughts
|
||||
|
||||
- Determine if image names will be persisted or fetched from API
|
||||
- If persisted, how to update the stored names upon modification
|
||||
- If fetched, how to fetch only images of a given project
|
Loading…
Reference in New Issue