Remove out-of-scope changes for multi-level images

app/controllers/admin/application_settings_controller.rb

@@ -29,12 +29,6 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
     redirect_to :back
   end
 
-  def reset_container_registry_token
-    @application_setting.reset_container_registry_access_token!
-    flash[:notice] = 'New container registry access token has been generated!'
-    redirect_to :back
-  end
-
   def clear_repository_check_states
     RepositoryCheck::ClearWorker.perform_async
 

app/controllers/admin/container_registry_controller.rb

-class Admin::ContainerRegistryController < Admin::ApplicationController
-  def show
-    @access_token = container_registry_access_token
-  end
-
-  private
-
-  def container_registry_access_token
-    current_application_settings.container_registry_access_token
-  end
-end

app/models/application_setting.rb

@@ -4,7 +4,6 @@ class ApplicationSetting < ActiveRecord::Base
 
   add_authentication_token_field :runners_registration_token
   add_authentication_token_field :health_check_access_token
-  add_authentication_token_field :container_registry_access_token
 
   CACHE_KEY = 'application_setting.last'.freeze
   DOMAIN_LIST_SEPARATOR = %r{\s*[,;]\s*     # comma or semicolon, optionally surrounded by whitespace
@@ -158,7 +157,6 @@ class ApplicationSetting < ActiveRecord::Base
 
   before_save :ensure_runners_registration_token
   before_save :ensure_health_check_access_token
-  before_save :ensure_container_registry_access_token
 
   after_commit do
     Rails.cache.write(CACHE_KEY, self)
@@ -332,10 +330,6 @@ class ApplicationSetting < ActiveRecord::Base
     ensure_health_check_access_token!
   end
 
-  def container_registry_access_token
-    ensure_container_registry_access_token!
-  end
-
   def sidekiq_throttling_enabled?
     return false unless sidekiq_throttling_column_exists?
 

app/views/admin/container_registry/show.html.haml

-- @no_container = true
-= render "admin/dashboard/head"
-
-%div{ class: container_class }
-
-  %p.prepend-top-default
-    %span
-      To properly configure the Container Registry you should add the following
-      access token to the Docker Registry config.yml as follows:
-      %pre
-        %code
-          :plain
-            notifications:
-              endpoints:
-                - ...
-                  headers:
-                    X-Registry-Token: [#{@access_token}]
-      %br
-      Access token is
-      %code{ id: 'registry-token' }= @access_token
-
-  .bs-callout.clearfix
-    .pull-left
-      %p
-        You can reset container registry access token by pressing the button below.
-      %p
-        = button_to reset_container_registry_token_admin_application_settings_path,
-          method: :put, class: 'btn btn-default',
-          data: { confirm: 'Are you sure you want to reset container registry token?' } do
-          = icon('refresh')
-          Reset container registry access token

app/views/admin/dashboard/_head.html.haml

@@ -27,7 +27,3 @@
           = link_to admin_runners_path, title: 'Runners' do
             %span
               Runners
-        = nav_link path: 'container_registry#show' do
-          = link_to admin_container_registry_path, title: 'Registry' do
-            %span
-              Registry

config/routes/admin.rb

@@ -63,7 +63,6 @@ namespace :admin do
   resource :background_jobs, controller: 'background_jobs', only: [:show]
   resource :system_info, controller: 'system_info', only: [:show]
   resources :requests_profiles, only: [:index, :show], param: :name, constraints: { name: /.+\.html/ }
-  resource :container_registry, controller: 'container_registry', only: [:show]
 
   resources :projects, only: [:index]
 
@@ -94,7 +93,6 @@ namespace :admin do
     resources :services, only: [:index, :edit, :update]
     put :reset_runners_token
     put :reset_health_check_token
-    put :reset_container_registry_token
     put :clear_repository_check_states
   end
 

db/migrate/20161213212947_add_container_registry_access_token_to_application_settings.rb

-# See http://doc.gitlab.com/ce/development/migration_style_guide.html
-# for more information on how to write migrations for GitLab.
-
-class AddContainerRegistryAccessTokenToApplicationSettings < ActiveRecord::Migration
-  include Gitlab::Database::MigrationHelpers
-
-  # Set this constant to true if this migration requires downtime.
-  DOWNTIME = false
-
-  def change
-    add_column :application_settings, :container_registry_access_token, :string
-  end
-end

doc/administration/container_registry.md

@@ -87,23 +87,6 @@ auth:
     rootcertbundle: /root/certs/certbundle
 ```
 
-Also a notification endpoint must be configured with the token from
-Admin Area -> Overview -> Registry (`/admin/container_registry`) like in the following sample:
-
-```
-notifications:
-  endpoints:
-    - name: listener
-      url: https://gitlab.example.com/api/v3/registry_events
-      headers:
-        X-Registry-Token: [57Cx95fc2zHFh93VTiGD]
-      timeout: 500ms
-      threshold: 5
-      backoff: 1s
-```
-
-Check the [Registry endpoint configuration][registry-endpoint] for details.
-
 ## Container Registry domain configuration
 
 There are two ways you can configure the Registry's external domain.
@@ -600,7 +583,6 @@ notifications:
 [storage-config]: https://docs.docker.com/registry/configuration/#storage
 [registry-http-config]: https://docs.docker.com/registry/configuration/#http
 [registry-auth]: https://docs.docker.com/registry/configuration/#auth
-[registry-endpoint]: https://docs.docker.com/registry/notifications/#/configuration
 [token-config]: https://docs.docker.com/registry/configuration/#token
 [8-8-docs]: https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/doc/administration/container_registry.md
 [registry-ssl]: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/registry-ssl

lib/api/api.rb

@@ -104,7 +104,6 @@ module API
     mount ::API::Namespaces
     mount ::API::Notes
     mount ::API::NotificationSettings
-    mount ::API::RegistryEvents
     mount ::API::Pipelines
     mount ::API::ProjectHooks
     mount ::API::Projects

lib/api/helpers.rb

@@ -111,16 +111,6 @@ module API
       end
     end
 
-    def authenticate_container_registry_access_token!
-      token = request.headers['X-Registry-Token']
-      unless token.present? && ActiveSupport::SecurityUtils.variable_size_secure_compare(
-        token,
-        current_application_settings.container_registry_access_token
-      )
-        unauthorized!
-      end
-    end
-
     def authenticated_as_admin!
       authenticate!
       forbidden! unless current_user.is_admin?

lib/api/registry_events.rb

-module API
-  # RegistryEvents API
-  class RegistryEvents < Grape::API
-    before { authenticate_container_registry_access_token! }
-
-    content_type :json, 'application/vnd.docker.distribution.events.v1+json'
-
-    params do
-      requires :events, type: Array, desc: 'The ID of a project' do
-        requires :id, type: String, desc: 'The ID of the event'
-        requires :timestamp, type: String, desc: 'Timestamp of the event'
-        requires :action, type: String, desc: 'Action performed by event'
-        requires :target, type: Hash, desc: 'Target of the event' do
-          optional :mediaType, type: String, desc: 'Media type of the target'
-          optional :size, type: Integer, desc: 'Size in bytes of the target'
-          requires :digest, type: String, desc: 'Digest of the target'
-          requires :repository, type: String, desc: 'Repository of target'
-          optional :url, type: String, desc: 'Url of the target'
-          optional :tag, type: String, desc: 'Tag of the target'
-        end
-        requires :request, type: Hash, desc: 'Request of the event' do
-          requires :id, type: String, desc: 'The ID of the request'
-          optional :addr, type: String, desc: 'IP Address of the request client'
-          optional :host, type: String, desc: 'Hostname of the registry instance'
-          requires :method, type: String, desc: 'Request method'
-          requires :useragent, type: String, desc: 'UserAgent header of the request'
-        end
-        requires :actor, type: Hash, desc: 'Actor that initiated the event' do
-          optional :name, type: String, desc: 'Actor name'
-        end
-        requires :source, type: Hash, desc: 'Source of the event' do
-          optional :addr, type: String, desc: 'Hostname of source registry node'
-          optional :instanceID, type: String, desc: 'Source registry node instanceID'
-        end
-      end
-    end
-    resource :registry_events do
-      post do
-        params['events'].each do |event|
-          repository = event['target']['repository']
-
-          if event['action'] == 'push' && !!event['target']['tag']
-            namespace, container_image_name = ContainerImage::split_namespace(repository)
-            project = Project::find_by_full_path(namespace)
-
-            if project
-              container_image = project.container_images.find_or_create_by(name: container_image_name, path: container_image_name)
-
-              unless container_image.valid?
-                render_api_error!({ error: "Failed to create container image!" }, 400)
-              end
-            else
-              not_found!('Project')
-            end
-          end
-        end
-      end
-    end
-  end
-end

lib/container_registry/ROADMAP.md

-## Road map
-
-### Initial thoughts
-
-- Determine if image names will be persisted or fetched from API
-- If persisted, how to update the stored names upon modification
-- If fetched, how to fetch only images of a given project