Skip to content

G
gitlab-ce
Commit 243e9bc0 authored by Stan Hu's avatar Stan Hu
Browse files
Options

Merge branch 'fix-ci-login-to-registry' into 'master' 

Fix the CI login to Container Registry (the gitlab-ci-token user)

## What does this MR do?

This fixes `docker login` not succeeding when trying to do CI login: `gitlab-ci-token with $CI_BUILD_TOKEN`.

cc @marin

See merge request !4236
parents ccafa785 edfb20f2
Show whitespace changes
Inline Side-by-side
Showing with 6 additions and 5 deletions
CHANGELOG
View file @ 243e9bc0
...@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date. ...@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.8.1 (unreleased) v 8.8.1 (unreleased)
- Fix MySQL compatibility in zero downtime migrations helpers - Fix MySQL compatibility in zero downtime migrations helpers
- Fix the CI login to Container Registry (the gitlab-ci-token user)
v 8.8.0 (unreleased) v 8.8.0 (unreleased)
- Implement GFM references for milestones (Alejandro Rodríguez) - Implement GFM references for milestones (Alejandro Rodríguez)
......
app/controllers/jwt_controller.rb
View file @ 243e9bc0
...@@ -36,7 +36,7 @@ class JwtController < ApplicationController ...@@ -36,7 +36,7 @@ class JwtController < ApplicationController
end end
def authenticate_project(login, password) def authenticate_project(login, password)
if login == 'gitlab_ci_token' if login == 'gitlab-ci-token'
Project.find_by(builds_enabled: true, runners_token: password) Project.find_by(builds_enabled: true, runners_token: password)
end end
end end
......
app/services/auth/container_registry_authentication_service.rb
View file @ 243e9bc0
...@@ -6,7 +6,7 @@ module Auth ...@@ -6,7 +6,7 @@ module Auth
return error('not found', 404) unless registry.enabled return error('not found', 404) unless registry.enabled
if params[:offline_token] if params[:offline_token]
return error('unauthorized', 401) unless current_user return error('unauthorized', 401) unless current_user || project
else else
return error('forbidden', 403) unless scope return error('forbidden', 403) unless scope
end end
......
spec/requests/jwt_controller_spec.rb
View file @ 243e9bc0
...@@ -23,7 +23,7 @@ describe JwtController do ...@@ -23,7 +23,7 @@ describe JwtController do
context 'when using authorized request' do context 'when using authorized request' do
context 'using CI token' do context 'using CI token' do
let(:project) { create(:empty_project, runners_token: 'token', builds_enabled: builds_enabled) } let(:project) { create(:empty_project, runners_token: 'token', builds_enabled: builds_enabled) }
let(:headers) { { authorization: credentials('gitlab_ci_token', project.runners_token) } } let(:headers) { { authorization: credentials('gitlab-ci-token', project.runners_token) } }
subject! { get '/jwt/auth', parameters, headers } subject! { get '/jwt/auth', parameters, headers }
......
spec/services/auth/container_registry_authentication_service_spec.rb
View file @ 243e9bc0
...@@ -127,12 +127,12 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do ...@@ -127,12 +127,12 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context 'project authorization' do context 'project authorization' do
let(:current_project) { create(:empty_project) } let(:current_project) { create(:empty_project) }
context 'disallow to use offline_token' do context 'allow to use offline_token' do
let(:current_params) do let(:current_params) do
{ offline_token: true } { offline_token: true }
end end
it_behaves_like 'an unauthorized' it_behaves_like 'an authenticated'
end end
context 'allow to pull and push images' do context 'allow to pull and push images' do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7