Commit 584d414b authored by Steve Abrams's avatar Steve Abrams Committed by Thong Kuah

Dependency Proxy authentication and private groups

Remove the dependency_proxy_for_private_groups
feature flag to enable the Dependency Proxy
for private groups and enforce authentication
for all Dependency Proxy usage.
parent 560748e9
...@@ -24,7 +24,7 @@ module DependencyProxy ...@@ -24,7 +24,7 @@ module DependencyProxy
private private
def dependency_proxy_for_private_groups? def dependency_proxy_for_private_groups?
Feature.enabled?(:dependency_proxy_for_private_groups, default_enabled: false) Feature.enabled?(:dependency_proxy_for_private_groups, default_enabled: true)
end end
def request_bearer_token! def request_bearer_token!
......
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
- link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('user/packages/dependency_proxy/index') } - link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('user/packages/dependency_proxy/index') }
= _('Create a local proxy for storing frequently used upstream images. %{link_start}Learn more%{link_end} about dependency proxies.').html_safe % { link_start: link_start, link_end: '</a>'.html_safe } = _('Create a local proxy for storing frequently used upstream images. %{link_start}Learn more%{link_end} about dependency proxies.').html_safe % { link_start: link_start, link_end: '</a>'.html_safe }
- if Feature.enabled?(:dependency_proxy_for_private_groups, default_enabled: false) || @group.public? - if Feature.enabled?(:dependency_proxy_for_private_groups, default_enabled: true) || @group.public?
- if can?(current_user, :admin_dependency_proxy, @group) - if can?(current_user, :admin_dependency_proxy, @group)
= form_for(@dependency_proxy, method: :put, url: group_dependency_proxy_path(@group)) do |f| = form_for(@dependency_proxy, method: :put, url: group_dependency_proxy_path(@group)) do |f|
.form-group .form-group
......
---
title: Dependency Proxy for private groups and Dependency Proxy authentication
merge_request: 49519
author:
type: added
...@@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/276777 ...@@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/276777
milestone: '13.7' milestone: '13.7'
type: development type: development
group: group::package group: group::package
default_enabled: false default_enabled: true
...@@ -161,3 +161,22 @@ This section describes the earlier configuration format. ...@@ -161,3 +161,22 @@ This section describes the earlier configuration format.
``` ```
1. [Restart GitLab](../restart_gitlab.md#installations-from-source "How to restart GitLab") for the changes to take effect. 1. [Restart GitLab](../restart_gitlab.md#installations-from-source "How to restart GitLab") for the changes to take effect.
## Disabling Authentication
Authentication was introduced in 13.7 as part of [enabling private groups to use the
Dependency Proxy](https://gitlab.com/gitlab-org/gitlab/-/issues/11582). If you
previously used the Dependency Proxy without authentication and need to disable
this feature while you update your workflow to [authenticate with the Dependency
Proxy](../../user/packages/dependency_proxy/index.md#authenticate-with-the-dependency-proxy),
the following commands can be issued in a Rails console:
```ruby
# Disable the authentication
Feature.disable(:dependency_proxy_for_private_groups)
# Re-enable the authentication
Feature.enable(:dependency_proxy_for_private_groups)
```
The ability to disable this feature will be [removed in 13.9](https://gitlab.com/gitlab-org/gitlab/-/issues/276777).
...@@ -57,6 +57,19 @@ Prerequisites: ...@@ -57,6 +57,19 @@ Prerequisites:
### Authenticate with the Dependency Proxy ### Authenticate with the Dependency Proxy
> - [Authentication and support for private groups](https://gitlab.com/gitlab-org/gitlab/-/issues/11582) in [GitLab Core](https://about.gitlab.com/pricing/) 13.7.
> - It was [deployed behind a feature flag](../../feature_flags.md), disabled by default.
> - [Became enabled by default](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/49519) on GitLab 13.7.
> - It's enabled on GitLab.com.
> - It's recommended for production use.
> - For GitLab self-managed instances, GitLab administrators can opt to [disable it](../../../administration/packages/dependency_proxy.md#disabling-authentication). **(CORE ONLY)**
WARNING:
This feature might not be available to you. Check the **version history** note above for details.
The requirement to authenticate is a breaking change added in 13.7. An [administrator can temporarily
disable it](../../../administration/packages/dependency_proxy.md#disabling-authentication) if it
has disrupted your existing Dependency Proxy usage.
Because the Dependency Proxy is storing Docker images in a space associated with your group, Because the Dependency Proxy is storing Docker images in a space associated with your group,
you must authenticate against the Dependency Proxy. you must authenticate against the Dependency Proxy.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment