Deprecate htpasswd authentication
Context
htpasswd
is one of the authentication mechanisms currently supported by the registry (list). It relies on an Apache htpasswd file, with passwords hashed using bcrypt
.
Problem
This auth mechanism was inherited from the upstream Docker container registry implementation. This is not used in the context of GitLab (the product), as the only supported auth mechanism is the token
one (using GitLab Rails and its /jwt/auth
API endpoint as auth realm).
Keeping this auth mechanism around incurs additional maintenance effort. We should therefore deprecate and later remove it.
Solution
Although this auth mechanism is not exposed/documented in Omnibus or Charts, it could be used on source installs for test purposes. So we should issue a deprecation notice ahead of the feature removal.