Commit be5cde2c authored by Markus Koller's avatar Markus Koller

Merge branch '204839-rake-task-auth' into 'master'

Add authentication to registry configure rake task

Closes #204839

See merge request gitlab-org/gitlab!33496
parents 95acdb6a 9b781f73
...@@ -11,7 +11,13 @@ namespace :gitlab do ...@@ -11,7 +11,13 @@ namespace :gitlab do
warn_user_is_not_gitlab warn_user_is_not_gitlab
url = registry_config.api_url url = registry_config.api_url
client = ContainerRegistry::Client.new(url) # registry_info will query the /v2 route of the registry API. This route
# requires authentication, but not authorization (the response has no body,
# only headers that show the version of the registry). There is no
# associated user when running this rake, so we need to generate a valid
# JWT token with no access permissions to authenticate as a trusted client.
token = Auth::ContainerRegistryAuthenticationService.access_token([], [])
client = ContainerRegistry::Client.new(url, token: token)
info = client.registry_info info = client.registry_info
Gitlab::CurrentSettings.update!( Gitlab::CurrentSettings.update!(
......
...@@ -4,6 +4,7 @@ require 'rake_helper' ...@@ -4,6 +4,7 @@ require 'rake_helper'
describe 'gitlab:container_registry namespace rake tasks' do describe 'gitlab:container_registry namespace rake tasks' do
let_it_be(:application_settings) { Gitlab::CurrentSettings } let_it_be(:application_settings) { Gitlab::CurrentSettings }
let_it_be(:api_url) { 'http://registry.gitlab' }
before :all do before :all do
Rake.application.rake_require 'tasks/gitlab/container_registry' Rake.application.rake_require 'tasks/gitlab/container_registry'
...@@ -11,7 +12,8 @@ describe 'gitlab:container_registry namespace rake tasks' do ...@@ -11,7 +12,8 @@ describe 'gitlab:container_registry namespace rake tasks' do
describe 'configure' do describe 'configure' do
before do before do
stub_container_registry_config(enabled: true, api_url: 'http://registry.gitlab') stub_access_token
stub_container_registry_config(enabled: true, api_url: api_url)
end end
shared_examples 'invalid config' do shared_examples 'invalid config' do
...@@ -37,6 +39,24 @@ describe 'gitlab:container_registry namespace rake tasks' do ...@@ -37,6 +39,24 @@ describe 'gitlab:container_registry namespace rake tasks' do
it_behaves_like 'invalid config' it_behaves_like 'invalid config'
end end
context 'when creating a registry client instance' do
let(:token) { 'foo' }
let(:client) { ContainerRegistry::Client.new(api_url, token: token) }
before do
stub_registry_info({})
end
it 'uses a token with no access permissions' do
expect(Auth::ContainerRegistryAuthenticationService)
.to receive(:access_token).with([], []).and_return(token)
expect(ContainerRegistry::Client)
.to receive(:new).with(api_url, token: token).and_return(client)
run_rake_task('gitlab:container_registry:configure')
end
end
context 'when unabled to detect the container registry type' do context 'when unabled to detect the container registry type' do
it 'fails and raises an error message' do it 'fails and raises an error message' do
stub_registry_info({}) stub_registry_info({})
...@@ -79,6 +99,11 @@ describe 'gitlab:container_registry namespace rake tasks' do ...@@ -79,6 +99,11 @@ describe 'gitlab:container_registry namespace rake tasks' do
end end
end end
def stub_access_token
allow(Auth::ContainerRegistryAuthenticationService)
.to receive(:access_token).with([], []).and_return('foo')
end
def stub_registry_info(output) def stub_registry_info(output)
allow_next_instance_of(ContainerRegistry::Client) do |client| allow_next_instance_of(ContainerRegistry::Client) do |client|
allow(client).to receive(:registry_info).and_return(output) allow(client).to receive(:registry_info).and_return(output)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment