feat(api/gitlab/v1): add route for paginated list of repos under path
- Related to #869 (closed)
🥝 Context
This MR builds on the efforts of !1192 (merged) (i.e. an SQL query to fetch a list of all repositories with at least one tag in a repository path) by introducing a new API route that will expose said query.
- Route: The new endpoint is exposed at /gitlab/v1/repository-paths/{{pathName}}/repositories/list/ and will only be accessible by the internal GitLab rails client (by having a valid JWT that satisfies the scope of repository:{{pathName}}:pull AND repository:{{pathName}}/*:pull). This endpoint is only available to registry instances that use the metadata database.
- Pagination: This new endpoint utilizes marker-based pagination by specifying the n and last query parameters. The n query parameter signals the maximum amount of entries to return, while the last query parameter (acts as a cursor) signals the lexicographical point from which to continue listing the repositories under a specific pathName. The default value of n is set to 100 if no n is specified in a request to the endpoint; furthermore, n is only allowed to be a whole number from 0 to 1000 (whenever the requirements are not met a detailed error is logged as well as returned to the client). With pagination comes a Link header in the request responses signalling the next page/batch of repositories following the results from a request; the Link header is omitted in the response if there are no more pages of repositories for the request.
- Response Body: The response body is an array of objects (one per repository) with the name, path, created_at, and updated_at attributes.
📺 Demo
200 OK & 400 Bad Request Status codes
Setup
- Start the container registry locally and push any tagged images to repositories having similar base repository path test
docker pull alpine:latest
docker tag alpine:latest registry:5000/test/alpine:latest
docker tag alpine:latest registry:5000/test/alpine/a:latest
docker tag alpine:latest registry:5000/test/alpine/a/b:latest
docker tag alpine:latest registry:5000/test/alpine/a1:latest
docker tag alpine:latest registry:5000/test/alpine/a/b/c:latest
docker push registry:5000/test/alpine:latest
docker push registry:5000/test/alpine/a:latest
docker push registry:5000/test/alpine/a/b:latest
docker push registry:5000/test/alpine/a1:latest
docker push registry:5000/test/alpine/a/b/c:latest
- Load the Postman script in https://gitlab.com/suleimiahmed/registry-postman/-/tree/main/env/local into your postman dashboard or use curl to make a GET request to the endpoint: http://{{registry-host}}/gitlab/v1/repository-paths/:pathName:/repositories/list/ with:
  - pathName=test
  - and query parameter values of n and last that are allowed (see Pagination in the Context section above for details of what is allowed)
Manual Testing
401 Unauthorized Status codes
Setup
- Start gdk with this branch's version of container registry
- Create a project called onboarding/container-registry-onboading-issue on your gdk gitlab instance and enable container registry
- Obtain the necessary token to push to the container registry and push to the project (at 1 parent repository and 1 sub repository):
docker pull alpine:latest
docker tag alpine:latest registry.test:5000/onboarding/container-registry-onboading-issue:latest
docker tag alpine:latest registry.test:5000/onboarding/container-registry-onboading-issue/a:latest
docker push registry.test:5000/onboarding/container-registry-onboading-issue:latest
docker push registry.test:5000/onboarding/container-registry-onboading-issue/a:latest
- Load the Postman script in https://gitlab.com/suleimiahmed/registry-postman/-/tree/main/env/gdk into your postman dashboard or use curl
- Obtain a token with scope=repository:onboarding/container-registry-onboading-issue:pull from the gitlab API auth service, using the jwt API call from the postman script (or via curl)
- Use the returned token as Authorization: Bearer to make a GET request to the endpoint: http://{{registry-host}}/gitlab/v1/repository-paths/:pathName:/repositories/list/ with:
  - pathName=onboarding/container-registry-onboading-issue
  - and query parameter values of n and last that are allowed (see Pagination in the Context section above for details of what is allowed)
Manual Testing
How to test in gstg
To validate the successful gating of the API to allow only authentic tokens with scopes of: repository:a/project/path/with/nested/repos:pull AND repository:a/project/path/with/nested/repos/*:pull, we will need to:
- Obtain a token with the above scopes from the staging environment's rails console (via teleport):
  - In the rails-console run:
    ::Auth::ContainerRegistryAuthenticationService.pull_nested_repositories_access_token('a/project/path/with/nested/repos')
- Use the returned token as Authorization: Bearer to make a GET request to the endpoint: http://{{registry-host}}/gitlab/v1/repository-paths/:pathName:/repositories/list/ with:
  - pathName=a/project/path/with/nested/repos
  - and query parameter values of n and last that are allowed (see Pagination in the Context section above for details of what is allowed)
Edited by Suleimi Ahmed
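The request gating described under Route and exercised by the 200/400 and 401 test setups, as an added Go example that is not the registry's own code. The `access` type, `hasPull` and `gate` are hypothetical names; the sketch assumes the JWT signature has already been verified, that its access claim is decoded into type/name/actions entries, and that scope names are matched by exact string.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strconv"
)

// access is one decoded entry of the token's "access" claim (assumed shape).
type access struct {
	Type, Name string
	Actions    []string
}

// hasPull reports whether acc grants pull on exactly this repository name.
func hasPull(acc []access, name string) bool {
	for _, a := range acc {
		for _, act := range a.Actions {
			if a.Type == "repository" && a.Name == name && act == "pull" {
				return true
			}
		}
	}
	return false
}

// gate (hypothetical) returns the HTTP status plus the effective n and cursor.
func gate(acc []access, pathName string, q url.Values) (int, int, string) {
	// Both scopes are required: the path itself AND everything nested under it.
	if !hasPull(acc, pathName) || !hasPull(acc, pathName+"/*") {
		return http.StatusUnauthorized, 0, ""
	}
	n := 100 // default when n is not supplied
	if q.Has("n") {
		v, err := strconv.Atoi(q.Get("n"))
		if err != nil || v < 0 || v > 1000 {
			return http.StatusBadRequest, 0, "" // not a whole number in 0..1000
		}
		n = v
	}
	return http.StatusOK, n, q.Get("last")
}

func main() {
	// Constructed claims: parent scope only, as requested in the 401 setup.
	acc := []access{{"repository", "test", []string{"pull"}}}
	status, _, _ := gate(acc, "test", url.Values{})
	fmt.Println(status)
}
```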
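The marker-based pagination from the Context section, as an added Go example over an in-memory list (not code from this MR, which pages through an SQL query). `nextPage` is a hypothetical name; the sketch assumes byte-wise string ordering, that results start strictly after `last`, that an empty page carries no Link, and a Link value of the form `<url>; rel="next"`.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
)

// nextPage returns up to n paths that sort strictly after the cursor `last`,
// plus the Link header value for the following page ("" when none remain).
// paths must be sorted; n is assumed already validated (0..1000).
func nextPage(paths []string, pathName string, n int, last string) ([]string, string) {
	start := 0
	if last != "" {
		// First index whose value is > last, so the cursor itself is never repeated
		// and a cursor that no longer exists in the list still resumes correctly.
		start = sort.Search(len(paths), func(i int) bool { return paths[i] > last })
	}
	end := start + n
	if end > len(paths) {
		end = len(paths)
	}
	page := paths[start:end]
	if len(page) == 0 || end == len(paths) {
		return page, "" // nothing further to fetch: Link omitted
	}
	// The next cursor is the last entry returned; Encode escapes it for the query.
	q := url.Values{"n": {fmt.Sprint(n)}, "last": {page[len(page)-1]}}
	link := fmt.Sprintf(`</gitlab/v1/repository-paths/%s/repositories/list/?%s>; rel="next"`,
		pathName, q.Encode())
	return page, link
}

func main() {
	// Constructed data: the repositories pushed in the Demo setup, sorted.
	paths := []string{"test/alpine", "test/alpine/a", "test/alpine/a/b",
		"test/alpine/a/b/c", "test/alpine/a1"}
	last := ""
	for {
		page, link := nextPage(paths, "test", 2, last)
		fmt.Println(page, link)
		if link == "" {
			break
		}
		last = page[len(page)-1]
	}
}
```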