Commit 68a2fa54 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Remove out-of-scope changes for multi-level images

parent c64d3630
......@@ -29,12 +29,6 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
redirect_to :back
end
def reset_container_registry_token
@application_setting.reset_container_registry_access_token!
flash[:notice] = 'New container registry access token has been generated!'
redirect_to :back
end
def clear_repository_check_states
RepositoryCheck::ClearWorker.perform_async
......
class Admin::ContainerRegistryController < Admin::ApplicationController
def show
@access_token = container_registry_access_token
end
private
def container_registry_access_token
current_application_settings.container_registry_access_token
end
end
......@@ -4,7 +4,6 @@ class ApplicationSetting < ActiveRecord::Base
add_authentication_token_field :runners_registration_token
add_authentication_token_field :health_check_access_token
add_authentication_token_field :container_registry_access_token
CACHE_KEY = 'application_setting.last'.freeze
DOMAIN_LIST_SEPARATOR = %r{\s*[,;]\s* # comma or semicolon, optionally surrounded by whitespace
......@@ -158,7 +157,6 @@ class ApplicationSetting < ActiveRecord::Base
before_save :ensure_runners_registration_token
before_save :ensure_health_check_access_token
before_save :ensure_container_registry_access_token
after_commit do
Rails.cache.write(CACHE_KEY, self)
......@@ -332,10 +330,6 @@ class ApplicationSetting < ActiveRecord::Base
ensure_health_check_access_token!
end
def container_registry_access_token
ensure_container_registry_access_token!
end
def sidekiq_throttling_enabled?
return false unless sidekiq_throttling_column_exists?
......
- @no_container = true
= render "admin/dashboard/head"
%div{ class: container_class }
%p.prepend-top-default
%span
To properly configure the Container Registry you should add the following
access token to the Docker Registry config.yml as follows:
%pre
%code
:plain
notifications:
endpoints:
- ...
headers:
X-Registry-Token: [#{@access_token}]
%br
Access token is
%code{ id: 'registry-token' }= @access_token
.bs-callout.clearfix
.pull-left
%p
You can reset container registry access token by pressing the button below.
%p
= button_to reset_container_registry_token_admin_application_settings_path,
method: :put, class: 'btn btn-default',
data: { confirm: 'Are you sure you want to reset container registry token?' } do
= icon('refresh')
Reset container registry access token
......@@ -27,7 +27,3 @@
= link_to admin_runners_path, title: 'Runners' do
%span
Runners
= nav_link path: 'container_registry#show' do
= link_to admin_container_registry_path, title: 'Registry' do
%span
Registry
......@@ -63,7 +63,6 @@ namespace :admin do
resource :background_jobs, controller: 'background_jobs', only: [:show]
resource :system_info, controller: 'system_info', only: [:show]
resources :requests_profiles, only: [:index, :show], param: :name, constraints: { name: /.+\.html/ }
resource :container_registry, controller: 'container_registry', only: [:show]
resources :projects, only: [:index]
......@@ -94,7 +93,6 @@ namespace :admin do
resources :services, only: [:index, :edit, :update]
put :reset_runners_token
put :reset_health_check_token
put :reset_container_registry_token
put :clear_repository_check_states
end
......
# See http://doc.gitlab.com/ce/development/migration_style_guide.html
# for more information on how to write migrations for GitLab.
class AddContainerRegistryAccessTokenToApplicationSettings < ActiveRecord::Migration
include Gitlab::Database::MigrationHelpers
# Set this constant to true if this migration requires downtime.
DOWNTIME = false
def change
add_column :application_settings, :container_registry_access_token, :string
end
end
......@@ -87,23 +87,6 @@ auth:
rootcertbundle: /root/certs/certbundle
```
Also a notification endpoint must be configured with the token from
Admin Area -> Overview -> Registry (`/admin/container_registry`) like in the following sample:
```
notifications:
endpoints:
- name: listener
url: https://gitlab.example.com/api/v3/registry_events
headers:
X-Registry-Token: [57Cx95fc2zHFh93VTiGD]
timeout: 500ms
threshold: 5
backoff: 1s
```
Check the [Registry endpoint configuration][registry-endpoint] for details.
## Container Registry domain configuration
There are two ways you can configure the Registry's external domain.
......@@ -600,7 +583,6 @@ notifications:
[storage-config]: https://docs.docker.com/registry/configuration/#storage
[registry-http-config]: https://docs.docker.com/registry/configuration/#http
[registry-auth]: https://docs.docker.com/registry/configuration/#auth
[registry-endpoint]: https://docs.docker.com/registry/notifications/#/configuration
[token-config]: https://docs.docker.com/registry/configuration/#token
[8-8-docs]: https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/doc/administration/container_registry.md
[registry-ssl]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/registry-ssl
......
......@@ -104,7 +104,6 @@ module API
mount ::API::Namespaces
mount ::API::Notes
mount ::API::NotificationSettings
mount ::API::RegistryEvents
mount ::API::Pipelines
mount ::API::ProjectHooks
mount ::API::Projects
......
......@@ -111,16 +111,6 @@ module API
end
end
def authenticate_container_registry_access_token!
token = request.headers['X-Registry-Token']
unless token.present? && ActiveSupport::SecurityUtils.variable_size_secure_compare(
token,
current_application_settings.container_registry_access_token
)
unauthorized!
end
end
def authenticated_as_admin!
authenticate!
forbidden! unless current_user.is_admin?
......
module API
# RegistryEvents API
class RegistryEvents < Grape::API
before { authenticate_container_registry_access_token! }
content_type :json, 'application/vnd.docker.distribution.events.v1+json'
params do
requires :events, type: Array, desc: 'The ID of a project' do
requires :id, type: String, desc: 'The ID of the event'
requires :timestamp, type: String, desc: 'Timestamp of the event'
requires :action, type: String, desc: 'Action performed by event'
requires :target, type: Hash, desc: 'Target of the event' do
optional :mediaType, type: String, desc: 'Media type of the target'
optional :size, type: Integer, desc: 'Size in bytes of the target'
requires :digest, type: String, desc: 'Digest of the target'
requires :repository, type: String, desc: 'Repository of target'
optional :url, type: String, desc: 'Url of the target'
optional :tag, type: String, desc: 'Tag of the target'
end
requires :request, type: Hash, desc: 'Request of the event' do
requires :id, type: String, desc: 'The ID of the request'
optional :addr, type: String, desc: 'IP Address of the request client'
optional :host, type: String, desc: 'Hostname of the registry instance'
requires :method, type: String, desc: 'Request method'
requires :useragent, type: String, desc: 'UserAgent header of the request'
end
requires :actor, type: Hash, desc: 'Actor that initiated the event' do
optional :name, type: String, desc: 'Actor name'
end
requires :source, type: Hash, desc: 'Source of the event' do
optional :addr, type: String, desc: 'Hostname of source registry node'
optional :instanceID, type: String, desc: 'Source registry node instanceID'
end
end
end
resource :registry_events do
post do
params['events'].each do |event|
repository = event['target']['repository']
if event['action'] == 'push' && !!event['target']['tag']
namespace, container_image_name = ContainerImage::split_namespace(repository)
project = Project::find_by_full_path(namespace)
if project
container_image = project.container_images.find_or_create_by(name: container_image_name, path: container_image_name)
unless container_image.valid?
render_api_error!({ error: "Failed to create container image!" }, 400)
end
else
not_found!('Project')
end
end
end
end
end
end
end
## Road map
### Initial thoughts
- Determine if image names will be persisted or fetched from API
- If persisted, how to update the stored names upon modification
- If fetched, how to fetch only images of a given project
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment