feat(api/gitlab/v1): add route for paginated list of repos under path

SAhmedrequested to merge
869-gitlab-v1-api-paginated-repo-list-by-path into master

Context 🥝

This MR builds on the efforts of !1192 (merged) (i.e an SQL query to fetch a list of all repositories with at least one tag in a repository path) by introducing a new API route that will expose said query.

  • Route: The new endpoint is exposed at /gitlab/v1/repository-paths/{{pathName}}/repositories/list/ and will only be accessible by the internal GitLab rails client (by having a valid JWT that satisfies the scope of repository:{{pathName}}:pull AND repository:{{pathName}}/*:pull). This endpoint is only available to registry instances that use the meta data database.
  • Pagination: This new endpoint utilizes a marker-based pagination by specifying the n and last query parameters. The n query parameter signals the maximum amount of entries to return, while the last query parameter (acts as a cursor) signalling the lexicographical point from which to continue listing the repositories under a specific pathName. The default number of n is set to 100 if no n is specified in a request to the endpoint, furthermore n is only allowed to be a whole number from 0 to 1000 (whenever the requirements are not met a detailed error is logged as well as returned to the client). With Pagination comes along a Link header in the request responses signalling the next page/batch of repositories following the results from a request, the Link header is omitted in the response if there are no more pages of repositories for the request.
  • Response Body: The response body is an array of objects (one per repository) with the the name, path, created_at, and updated_at attributes.

Demo 📺

200 OK & 400 Bad Request Status codes

Setup

  • Start the container registry locally and push any tagged images to repositories having similar base repository path test 
docker pull alpine:latest
docker tag alpine:latest registry:5000/test/alpine:latest
docker tag alpine:latest registry:5000/test/alpine/a:latest
docker tag alpine:latest registry:5000/test/alpine/a/b:latest
docker tag alpine:latest registry:5000/test/alpine/a1:latest
docker tag alpine:latest registry:5000/test/alpine/a/b/c:latest
docker push registry:5000/test/alpine:latest
docker push registry:5000/test/alpine/a:latest
docker push registry:5000/test/alpine/a/b:latest
docker push registry:5000/test/alpine/a1:latest
docker push registry:5000/test/alpine/a/b/c:latest
  • Load the Postman script in https://gitlab.com/suleimiahmed/registry-postman/-/tree/main/env/local into your postman dashboard or use curl to make a GET request to the endpoint: http://{{registry-host}}/gitlab/v1/repository-paths/:pathName:/repositories/list/ with:
    • pathName = test
    • and query parameter values of n and last that are allowed (see Pagination in the Context section above for details of what is allowed)

Manual Testing

869

401 Unauthorized Status codes

Setup

  • Start gdk with this branch's version of container registry
  • Create a project called onboarding/container-registry-onboading-issue on your gdk gitlab instance and enable container registry
  • Obtain the necessary token to push to the container registry and push to the project (at 1 parent repository and 1 sub repository):
docker pull alpine:latest
docker tag alpine:latest registry.test:5000/onboarding/container-registry-onboading-issue:latest
docker tag alpine:latest registry.test:5000/onboarding/container-registry-onboading-issue/a:latest
docker push registry.test:5000/onboarding/container-registry-onboading-issue:latest
docker push registry.test:5000/onboarding/container-registry-onboading-issue/a:latest
  • Load the Postman script in https://gitlab.com/suleimiahmed/registry-postman/-/tree/main/env/gdk into your postman dashboard or use curl
  • Obtain a token wit scope=repository:onboarding/container-registry-onboading-issue:pull from the gitlab abi auth service, using the jwt API call from the postman script (or via curl)
  • Use the returned token as Authorization: Bearer to make a GET request to the endpoint: http://{{registry-host}}/gitlab/v1/repository-paths/:pathName:/repositories/list/ with:
    • pathName = onboarding/container-registry-onboading-issue
    • and query parameter values of n and last that are allowed (see Pagination in the Context section above for details of what is allowed)

Manual Testing

869-DEMO2

How to test in gstg

To validate the successful gating of the API to allow only authentic tokens with scopes of: repository:a/project/path/with/nested/repos:pull AND repository:a/project/path/with/nested/repos/*:pull, we will need to:

  • Obtain a token with the above scopes from the staging environment's rails console (via teleport):
    • In the rails-console run: ::Auth::ContainerRegistryAuthenticationService.pull_nested_repositories_access_token('a/project/path/with/nested/repos')
  • Use the returned token as Authorization: Bearer to make a GET request to the endpoint: http://{{registry-host}}/gitlab/v1/repository-paths/:pathName:/repositories/list/ with:
    • pathName = a/project/path/with/nested/repos
    • and query parameter values of n and last that are allowed (see Pagination in the Context section above for details of what is allowed)
Edited by SAhmed

Merge request reports