Commit be5cde2c authored by Markus Koller's avatar Markus Koller

Merge branch '204839-rake-task-auth' into 'master'

Add authentication to registry configure rake task

Closes #204839

See merge request gitlab-org/gitlab!33496
parents 95acdb6a 9b781f73
......@@ -11,7 +11,13 @@ namespace :gitlab do
warn_user_is_not_gitlab
url = registry_config.api_url
client = ContainerRegistry::Client.new(url)
# registry_info will query the /v2 route of the registry API. This route
# requires authentication, but not authorization (the response has no body,
# only headers that show the version of the registry). There is no
# associated user when running this rake, so we need to generate a valid
# JWT token with no access permissions to authenticate as a trusted client.
token = Auth::ContainerRegistryAuthenticationService.access_token([], [])
client = ContainerRegistry::Client.new(url, token: token)
info = client.registry_info
Gitlab::CurrentSettings.update!(
......
......@@ -4,6 +4,7 @@ require 'rake_helper'
describe 'gitlab:container_registry namespace rake tasks' do
let_it_be(:application_settings) { Gitlab::CurrentSettings }
let_it_be(:api_url) { 'http://registry.gitlab' }
before :all do
Rake.application.rake_require 'tasks/gitlab/container_registry'
......@@ -11,7 +12,8 @@ describe 'gitlab:container_registry namespace rake tasks' do
describe 'configure' do
before do
stub_container_registry_config(enabled: true, api_url: 'http://registry.gitlab')
stub_access_token
stub_container_registry_config(enabled: true, api_url: api_url)
end
shared_examples 'invalid config' do
......@@ -37,6 +39,24 @@ describe 'gitlab:container_registry namespace rake tasks' do
it_behaves_like 'invalid config'
end
context 'when creating a registry client instance' do
let(:token) { 'foo' }
let(:client) { ContainerRegistry::Client.new(api_url, token: token) }
before do
stub_registry_info({})
end
it 'uses a token with no access permissions' do
expect(Auth::ContainerRegistryAuthenticationService)
.to receive(:access_token).with([], []).and_return(token)
expect(ContainerRegistry::Client)
.to receive(:new).with(api_url, token: token).and_return(client)
run_rake_task('gitlab:container_registry:configure')
end
end
context 'when unabled to detect the container registry type' do
it 'fails and raises an error message' do
stub_registry_info({})
......@@ -79,6 +99,11 @@ describe 'gitlab:container_registry namespace rake tasks' do
end
end
def stub_access_token
allow(Auth::ContainerRegistryAuthenticationService)
.to receive(:access_token).with([], []).and_return('foo')
end
def stub_registry_info(output)
allow_next_instance_of(ContainerRegistry::Client) do |client|
allow(client).to receive(:registry_info).and_return(output)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment