Skip to content

feat: inject GitLab namespace and project IDs into CGS/CDN signed URLs

João Pereira requested to merge registry-jwt-ids into master

What does this MR do?

Related to https://gitlab.com/gitlab-org/container-registry/-/issues/1214+.

CI tests

Both CDN and GCS integration tests are clear.

Local tests

CDN

echo "eyJraWQiOiI0NUVXOjQ2Uzc6WlZBRzpKTFpBOkNUTFY6V1Q0NzpZQkJLOkZZVEk6VURRTzpXVkFCOktRVlQ6UlhOQiIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJhY2Nlc3MiOlt7InR5cGUiOiJyZXBvc2l0b3J5IiwibmFtZSI6ImdpdGxhYi1vcmcvZ2l0bGFiLXRlc3QiLCJhY3Rpb25zIjpbInB1bGwiXSwibWV0YSI6eyJwcm9qZWN0X3BhdGgiOiJnaXRsYWItb3JnL2dpdGxhYi10ZXN0IiwicHJvamVjdF9pZCI6Miwicm9vdF9uYW1lc3BhY2VfaWQiOjI0fX1dLCJqdGkiOiI0ZGQyMTI5Yi0xNDAwLTQ3OTgtYTkxMS00ODU5NjQxZjhiODAiLCJhdWQiOiJjb250YWluZXJfcmVnaXN0cnkiLCJpc3MiOiJnaXRsYWItaXNzdWVyIiwiaWF0IjoxNzEyMTU1MTkzLCJuYmYiOjE3MTIxNTUxODgsImV4cCI6MTcxMjE1NTQ5M30.LLM525aOibhG5FMIWrtw5-y5WHIDuwBYZalloU9m9VAWRIq4Y9V1egSmEB6QuXMyiq0vkOjDVIhddvXbJOCDQMvKnlvtV_yLFSBXxtjjsrnlckMqLSVAafMTZZBZmURa45AZC26CnsPZdce7ztoegnslSoK_tZ5_5OyX-XpZ_ReJjFw-rfe235dBr-VH-l2VOR_t1H-Ewf7-WeYqKoIFuCGy1jooFJ3ZXK3IrhSRZSrm3hGkx6V11DiLADRaQR8lqI7UfCwdym0xmqkkFCFkJ2fOF0JJ0YuxMltavqtlIGyxubq0hNJ4G9GtOc-XZz0Kmc5KPvU6iW8gbkwiR-X0GA" | jwt decode -

Token header
------------
{
  "typ": "JWT",
  "alg": "RS256",
  "kid": "45EW:46S7:ZVAG:JLZA:CTLV:WT47:YBBK:FYTI:UDQO:WVAB:KQVT:RXNB"
}

Token claims
------------
{
  "access": [
    {
      "actions": [
        "pull"
      ],
      "meta": {
        "project_id": 2,
        "project_path": "gitlab-org/gitlab-test",
        "root_namespace_id": 24
      },
      "name": "gitlab-org/gitlab-test",
      "type": "repository"
    }
  ],
  "aud": "container_registry",
  "exp": 1712155493,
  "iat": 1712155193,
  "iss": "gitlab-issuer",
  "jti": "4dd2129b-1400-4798-a911-4859641f8b80",
  "nbf": 1712155188
}

❯ http  registry.test:5000/v2/gitlab-org/gitlab-test/blobs/sha256:8fc740d8c40e45ea330a3f324fe009148dfc1f771bc90254eaf8ff8bbcecfe02 Authorization:"Bearer eyJraWQiOiI0NUVXOjQ2Uzc6WlZBRzpKTFpBOkNUTFY6V1Q0NzpZQkJLOkZZVEk6VURRTzpXVkFCOktRVlQ6UlhOQiIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJhY2Nlc3MiOlt7InR5cGUiOiJyZXBvc2l0b3J5IiwibmFtZSI6ImdpdGxhYi1vcmcvZ2l0bGFiLXRlc3QiLCJhY3Rpb25zIjpbInB1bGwiXSwibWV0YSI6eyJwcm9qZWN0X3BhdGgiOiJnaXRsYWItb3JnL2dpdGxhYi10ZXN0IiwicHJvamVjdF9pZCI6Miwicm9vdF9uYW1lc3BhY2VfaWQiOjI0fX1dLCJqdGkiOiI0ZGQyMTI5Yi0xNDAwLTQ3OTgtYTkxMS00ODU5NjQxZjhiODAiLCJhdWQiOiJjb250YWluZXJfcmVnaXN0cnkiLCJpc3MiOiJnaXRsYWItaXNzdWVyIiwiaWF0IjoxNzEyMTU1MTkzLCJuYmYiOjE3MTIxNTUxODgsImV4cCI6MTcxMjE1NTQ5M30.LLM525aOibhG5FMIWrtw5-y5WHIDuwBYZalloU9m9VAWRIq4Y9V1egSmEB6QuXMyiq0vkOjDVIhddvXbJOCDQMvKnlvtV_yLFSBXxtjjsrnlckMqLSVAafMTZZBZmURa45AZC26CnsPZdce7ztoegnslSoK_tZ5_5OyX-XpZ_ReJjFw-rfe235dBr-VH-l2VOR_t1H-Ewf7-WeYqKoIFuCGy1jooFJ3ZXK3IrhSRZSrm3hGkx6V11DiLADRaQR8lqI7UfCwdym0xmqkkFCFkJ2fOF0JJ0YuxMltavqtlIGyxubq0hNJ4G9GtOc-XZz0Kmc5KPvU6iW8gbkwiR-X0GA"
HTTP/1.1 307 Temporary Redirect
Content-Length: 585
Content-Type: text/html; charset=utf-8
Date: Wed, 03 Apr 2024 14:43:27 GMT
Docker-Distribution-Api-Version: registry/2.0
Location: https://container-registry-cdn.go-gitlab.com/docker/registry/v2/blobs/sha256/8f/8fc740d8c40e45ea330a3f324fe009148dfc1f771bc90254eaf8ff8bbcecfe02/data?URLPrefix=aHR0cHM6Ly9jb250YWluZXItcmVnaXN0cnktY2RuLmdvLWdpdGxhYi5jb20vZG9ja2VyL3JlZ2lzdHJ5L3YyL2Jsb2JzL3NoYTI1Ni84Zi84ZmM3NDBkOGM0MGU0NWVhMzMwYTNmMzI0ZmUwMDkxNDhkZmMxZjc3MWJjOTAyNTRlYWY4ZmY4YmJjZWNmZTAyL2RhdGE=&Expires=1712155467&KeyName=jpereira-container-registry-key2&Signature=6R_E0ZJ-YOHqNFn4c79qGF_fBsU=&gitlab-namespace-id=24&gitlab-project-id=2&gitlab-size-bytes=1472
X-Content-Type-Options: nosniff

<a href="https://container-registry-cdn.go-gitlab.com/docker/registry/v2/blobs/sha256/8f/8fc740d8c40e45ea330a3f324fe009148dfc1f771bc90254eaf8ff8bbcecfe02/data?URLPrefix=aHR0cHM6Ly9jb250YWluZXItcmVnaXN0cnktY2RuLmdvLWdpdGxhYi5jb20vZG9ja2VyL3JlZ2lzdHJ5L3YyL2Jsb2JzL3NoYTI1Ni84Zi84ZmM3NDBkOGM0MGU0NWVhMzMwYTNmMzI0ZmUwMDkxNDhkZmMxZjc3MWJjOTAyNTRlYWY4ZmY4YmJjZWNmZTAyL2RhdGE=&amp;Expires=1712155467&amp;KeyName=jpereira-container-registry-key2&amp;Signature=6R_E0ZJ-YOHqNFn4c79qGF_fBsU=&amp;gitlab-namespace-id=24&amp;gitlab-project-id=2&amp;gitlab-size-bytes=1472">Temporary Redirect</a>.

❯ http -F registry.test:5000/v2/gitlab-org/gitlab-test/blobs/sha256:8fc740d8c40e45ea330a3f324fe009148dfc1f771bc90254eaf8ff8bbcecfe02 Authorization:"Bearer eyJraWQiOiI0NUVXOjQ2Uzc6WlZBRzpKTFpBOkNUTFY6V1Q0NzpZQkJLOkZZVEk6VURRTzpXVkFCOktRVlQ6UlhOQiIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJhY2Nlc3MiOlt7InR5cGUiOiJyZXBvc2l0b3J5IiwibmFtZSI6ImdpdGxhYi1vcmcvZ2l0bGFiLXRlc3QiLCJhY3Rpb25zIjpbInB1bGwiXSwibWV0YSI6eyJwcm9qZWN0X3BhdGgiOiJnaXRsYWItb3JnL2dpdGxhYi10ZXN0IiwicHJvamVjdF9pZCI6Miwicm9vdF9uYW1lc3BhY2VfaWQiOjI0fX1dLCJqdGkiOiI0ZGQyMTI5Yi0xNDAwLTQ3OTgtYTkxMS00ODU5NjQxZjhiODAiLCJhdWQiOiJjb250YWluZXJfcmVnaXN0cnkiLCJpc3MiOiJnaXRsYWItaXNzdWVyIiwiaWF0IjoxNzEyMTU1MTkzLCJuYmYiOjE3MTIxNTUxODgsImV4cCI6MTcxMjE1NTQ5M30.LLM525aOibhG5FMIWrtw5-y5WHIDuwBYZalloU9m9VAWRIq4Y9V1egSmEB6QuXMyiq0vkOjDVIhddvXbJOCDQMvKnlvtV_yLFSBXxtjjsrnlckMqLSVAafMTZZBZmURa45AZC26CnsPZdce7ztoegnslSoK_tZ5_5OyX-XpZ_ReJjFw-rfe235dBr-VH-l2VOR_t1H-Ewf7-WeYqKoIFuCGy1jooFJ3ZXK3IrhSRZSrm3hGkx6V11DiLADRaQR8lqI7UfCwdym0xmqkkFCFkJ2fOF0JJ0YuxMltavqtlIGyxubq0hNJ4G9GtOc-XZz0Kmc5KPvU6iW8gbkwiR-X0GA" | sha256sum
8fc740d8c40e45ea330a3f324fe009148dfc1f771bc90254eaf8ff8bbcecfe02  -

GCS

❯ http  registry.test:5000/v2/gitlab-org/gitlab-test/blobs/sha256:8fc740d8c40e45ea330a3f324fe009148dfc1f771bc90254eaf8ff8bbcecfe02 Authorization:"Bearer eyJraWQiOiI0NUVXOjQ2Uzc6WlZBRzpKTFpBOkNUTFY6V1Q0NzpZQkJLOkZZVEk6VURRTzpXVkFCOktRVlQ6UlhOQiIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJhY2Nlc3MiOlt7InR5cGUiOiJyZXBvc2l0b3J5IiwibmFtZSI6ImdpdGxhYi1vcmcvZ2l0bGFiLXRlc3QiLCJhY3Rpb25zIjpbInB1bGwiXSwibWV0YSI6eyJwcm9qZWN0X3BhdGgiOiJnaXRsYWItb3JnL2dpdGxhYi10ZXN0IiwicHJvamVjdF9pZCI6Miwicm9vdF9uYW1lc3BhY2VfaWQiOjI0fX1dLCJqdGkiOiI0ZGQyMTI5Yi0xNDAwLTQ3OTgtYTkxMS00ODU5NjQxZjhiODAiLCJhdWQiOiJjb250YWluZXJfcmVnaXN0cnkiLCJpc3MiOiJnaXRsYWItaXNzdWVyIiwiaWF0IjoxNzEyMTU1MTkzLCJuYmYiOjE3MTIxNTUxODgsImV4cCI6MTcxMjE1NTQ5M30.LLM525aOibhG5FMIWrtw5-y5WHIDuwBYZalloU9m9VAWRIq4Y9V1egSmEB6QuXMyiq0vkOjDVIhddvXbJOCDQMvKnlvtV_yLFSBXxtjjsrnlckMqLSVAafMTZZBZmURa45AZC26CnsPZdce7ztoegnslSoK_tZ5_5OyX-XpZ_ReJjFw-rfe235dBr-VH-l2VOR_t1H-Ewf7-WeYqKoIFuCGy1jooFJ3ZXK3IrhSRZSrm3hGkx6V11DiLADRaQR8lqI7UfCwdym0xmqkkFCFkJ2fOF0JJ0YuxMltavqtlIGyxubq0hNJ4G9GtOc-XZz0Kmc5KPvU6iW8gbkwiR-X0GA"
HTTP/1.1 307 Temporary Redirect
Content-Length: 1120
Content-Type: text/html; charset=utf-8
Date: Wed, 03 Apr 2024 14:44:15 GMT
Docker-Distribution-Api-Version: registry/2.0
Location: https://storage.googleapis.com/jpereira-container-registry/docker/registry/v2/blobs/sha256/8f/8fc740d8c40e45ea330a3f324fe009148dfc1f771bc90254eaf8ff8bbcecfe02/data?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=container-registry%40jpereira-b5d4149e.iam.gserviceaccount.com%2F20240403%2Fauto%2Fstorage%2Fgoog4_request&X-Goog-Date=20240403T144415Z&X-Goog-Expires=299&X-Goog-Signature=5b2bae5a86f77396fb657eface085cdac4b5debc9333aaad3b58ed27005e3957df0db2964ba8e2432ad6a16bffaff9bcba4b4278377b224d2ccc066f93db4e9b27f0e4102efe5ffac02fda6d42bc4f3b77e824c84ecbfcad67ac0aaed89a0ae78b685d201640de4f2798aef8d24f59e348b9c94ac942ce438c2a0706946b2497a54dd8e7637e6743364b9e89c6409503c932af1929f74d1b4e27972568a3163e47a5852576d935310161b2b72bbd52924c456bc7bc7f08dd229852814a17675c6268c9309a153a1bbbcd3e2cc746137cd53a833d638c1ecd9d8f5909b516b3cb894b16e963c3d4c6b7ac6b551c9414d47e6be6ad88eade10dd3abee63a6f4d03&X-Goog-SignedHeaders=host&x-goog-custom-audit-gitlab-namespace-id=24&x-goog-custom-audit-gitlab-project-id=2&x-goog-custom-audit-gitlab-size-bytes=1472
X-Content-Type-Options: nosniff

<a href="https://storage.googleapis.com/jpereira-container-registry/docker/registry/v2/blobs/sha256/8f/8fc740d8c40e45ea330a3f324fe009148dfc1f771bc90254eaf8ff8bbcecfe02/data?X-Goog-Algorithm=GOOG4-RSA-SHA256&amp;X-Goog-Credential=container-registry%40jpereira-b5d4149e.iam.gserviceaccount.com%2F20240403%2Fauto%2Fstorage%2Fgoog4_request&amp;X-Goog-Date=20240403T144415Z&amp;X-Goog-Expires=299&amp;X-Goog-Signature=5b2bae5a86f77396fb657eface085cdac4b5debc9333aaad3b58ed27005e3957df0db2964ba8e2432ad6a16bffaff9bcba4b4278377b224d2ccc066f93db4e9b27f0e4102efe5ffac02fda6d42bc4f3b77e824c84ecbfcad67ac0aaed89a0ae78b685d201640de4f2798aef8d24f59e348b9c94ac942ce438c2a0706946b2497a54dd8e7637e6743364b9e89c6409503c932af1929f74d1b4e27972568a3163e47a5852576d935310161b2b72bbd52924c456bc7bc7f08dd229852814a17675c6268c9309a153a1bbbcd3e2cc746137cd53a833d638c1ecd9d8f5909b516b3cb894b16e963c3d4c6b7ac6b551c9414d47e6be6ad88eade10dd3abee63a6f4d03&amp;X-Goog-SignedHeaders=host&amp;x-goog-custom-audit-gitlab-namespace-id=24&amp;x-goog-custom-audit-gitlab-project-id=2&amp;x-goog-custom-audit-gitlab-size-bytes=1472">Temporary Redirect</a>.


❯ http -F registry.test:5000/v2/gitlab-org/gitlab-test/blobs/sha256:8fc740d8c40e45ea330a3f324fe009148dfc1f771bc90254eaf8ff8bbcecfe02 Authorization:"Bearer eyJraWQiOiI0NUVXOjQ2Uzc6WlZBRzpKTFpBOkNUTFY6V1Q0NzpZQkJLOkZZVEk6VURRTzpXVkFCOktRVlQ6UlhOQiIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJhY2Nlc3MiOlt7InR5cGUiOiJyZXBvc2l0b3J5IiwibmFtZSI6ImdpdGxhYi1vcmcvZ2l0bGFiLXRlc3QiLCJhY3Rpb25zIjpbInB1bGwiXSwibWV0YSI6eyJwcm9qZWN0X3BhdGgiOiJnaXRsYWItb3JnL2dpdGxhYi10ZXN0IiwicHJvamVjdF9pZCI6Miwicm9vdF9uYW1lc3BhY2VfaWQiOjI0fX1dLCJqdGkiOiI0ZGQyMTI5Yi0xNDAwLTQ3OTgtYTkxMS00ODU5NjQxZjhiODAiLCJhdWQiOiJjb250YWluZXJfcmVnaXN0cnkiLCJpc3MiOiJnaXRsYWItaXNzdWVyIiwiaWF0IjoxNzEyMTU1MTkzLCJuYmYiOjE3MTIxNTUxODgsImV4cCI6MTcxMjE1NTQ5M30.LLM525aOibhG5FMIWrtw5-y5WHIDuwBYZalloU9m9VAWRIq4Y9V1egSmEB6QuXMyiq0vkOjDVIhddvXbJOCDQMvKnlvtV_yLFSBXxtjjsrnlckMqLSVAafMTZZBZmURa45AZC26CnsPZdce7ztoegnslSoK_tZ5_5OyX-XpZ_ReJjFw-rfe235dBr-VH-l2VOR_t1H-Ewf7-WeYqKoIFuCGy1jooFJ3ZXK3IrhSRZSrm3hGkx6V11DiLADRaQR8lqI7UfCwdym0xmqkkFCFkJ2fOF0JJ0YuxMltavqtlIGyxubq0hNJ4G9GtOc-XZz0Kmc5KPvU6iW8gbkwiR-X0GA" | sha256sum
8fc740d8c40e45ea330a3f324fe009148dfc1f771bc90254eaf8ff8bbcecfe02  -

Large IDs

Out of curiosity, also tried with a really big number (upper limit for int64 on 64 bits hosts):

echo "eyJraWQiOiI0NUVXOjQ2Uzc6WlZBRzpKTFpBOkNUTFY6V1Q0NzpZQkJLOkZZVEk6VURRTzpXVkFCOktRVlQ6UlhOQiIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJhY2Nlc3MiOlt7InR5cGUiOiJyZXBvc2l0b3J5IiwibmFtZSI6ImdpdGxhYi1vcmcvZ2l0bGFiLXRlc3QiLCJhY3Rpb25zIjpbInB1bGwiXSwibWV0YSI6eyJwcm9qZWN0X3BhdGgiOiJnaXRsYWItb3JnL2dpdGxhYi10ZXN0IiwicHJvamVjdF9pZCI6OTIyMzM3MjAzNjg1NDc3NTgwNywicm9vdF9uYW1lc3BhY2VfaWQiOjI0fX1dLCJqdGkiOiJhZjlhYmNiYS0wMzBkLTRlMjgtYWQzOC1mODI5NWM5ZTg2MDYiLCJhdWQiOiJjb250YWluZXJfcmVnaXN0cnkiLCJpc3MiOiJnaXRsYWItaXNzdWVyIiwiaWF0IjoxNzEyMTU1NjI3LCJuYmYiOjE3MTIxNTU2MjIsImV4cCI6MTcxMjE1NTkyN30.CgT3nNVwTh7hymPBZE2IUD50Y70Cn0aDbNEUJ8QTi-DzRksSny978D6TFieDC0EEY6yuiXccLfaa1eNl06xq-e547MEopQtwAc9AZjsCA8EAnwKUIhmJcSebdmCQBsGmeruCaYTGvc47yojqLdd5V31qkHTROV9TPlQcoNhxRnCYxtEFqt4XZL2g8bUf97ZXGWCurj6RAfjZVDAgYkFskevQpoXcdR-LtiaMJQ3XPXaslqhff2pjr_ARhtOHsEuRDbZcx3FQwVAyKcQ6nhcVo08AMkIkdo9sm26AQhqN5DGGXXK_at85lL03jUY3kwND6jVvUTdgeQK66HJxYYNr5Q" | jwt decode -

Token header
------------
{
  "typ": "JWT",
  "alg": "RS256",
  "kid": "45EW:46S7:ZVAG:JLZA:CTLV:WT47:YBBK:FYTI:UDQO:WVAB:KQVT:RXNB"
}

Token claims
------------
{
  "access": [
    {
      "actions": [
        "pull"
      ],
      "meta": {
        "project_id": 9223372036854775807,
        "project_path": "gitlab-org/gitlab-test",
        "root_namespace_id": 24
      },
      "name": "gitlab-org/gitlab-test",
      "type": "repository"
    }
  ],
  "aud": "container_registry",
  "exp": 1712155927,
  "iat": 1712155627,
  "iss": "gitlab-issuer",
  "jti": "af9abcba-030d-4e28-ad38-f8295c9e8606",
  "nbf": 1712155622
}

❯ http  registry.test:5000/v2/gitlab-org/gitlab-test/blobs/sha256:8fc740d8c40e45ea330a3f324fe009148dfc1f771bc90254eaf8ff8bbcecfe02 Authorization:"Bearer eyJraWQiOiI0NUVXOjQ2Uzc6WlZBRzpKTFpBOkNUTFY6V1Q0NzpZQkJLOkZZVEk6VURRTzpXVkFCOktRVlQ6UlhOQiIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJhY2Nlc3MiOlt7InR5cGUiOiJyZXBvc2l0b3J5IiwibmFtZSI6ImdpdGxhYi1vcmcvZ2l0bGFiLXRlc3QiLCJhY3Rpb25zIjpbInB1bGwiXSwibWV0YSI6eyJwcm9qZWN0X3BhdGgiOiJnaXRsYWItb3JnL2dpdGxhYi10ZXN0IiwicHJvamVjdF9pZCI6OTIyMzM3MjAzNjg1NDc3NTgwNywicm9vdF9uYW1lc3BhY2VfaWQiOjI0fX1dLCJqdGkiOiJhZjlhYmNiYS0wMzBkLTRlMjgtYWQzOC1mODI5NWM5ZTg2MDYiLCJhdWQiOiJjb250YWluZXJfcmVnaXN0cnkiLCJpc3MiOiJnaXRsYWItaXNzdWVyIiwiaWF0IjoxNzEyMTU1NjI3LCJuYmYiOjE3MTIxNTU2MjIsImV4cCI6MTcxMjE1NTkyN30.CgT3nNVwTh7hymPBZE2IUD50Y70Cn0aDbNEUJ8QTi-DzRksSny978D6TFieDC0EEY6yuiXccLfaa1eNl06xq-e547MEopQtwAc9AZjsCA8EAnwKUIhmJcSebdmCQBsGmeruCaYTGvc47yojqLdd5V31qkHTROV9TPlQcoNhxRnCYxtEFqt4XZL2g8bUf97ZXGWCurj6RAfjZVDAgYkFskevQpoXcdR-LtiaMJQ3XPXaslqhff2pjr_ARhtOHsEuRDbZcx3FQwVAyKcQ6nhcVo08AMkIkdo9sm26AQhqN5DGGXXK_at85lL03jUY3kwND6jVvUTdgeQK66HJxYYNr5Q"
HTTP/1.1 307 Temporary Redirect
Content-Length: 1138
Content-Type: text/html; charset=utf-8
Date: Wed, 03 Apr 2024 14:47:41 GMT
Docker-Distribution-Api-Version: registry/2.0
Location: https://storage.googleapis.com/jpereira-container-registry/docker/registry/v2/blobs/sha256/8f/8fc740d8c40e45ea330a3f324fe009148dfc1f771bc90254eaf8ff8bbcecfe02/data?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=container-registry%40jpereira-b5d4149e.iam.gserviceaccount.com%2F20240403%2Fauto%2Fstorage%2Fgoog4_request&X-Goog-Date=20240403T144741Z&X-Goog-Expires=299&X-Goog-Signature=64daa586329184e4231b04dbc54bcf5a439538c93ca0bdc8c68938d235603c453c08ecdbaf2822c4a8668c95d51b3385bcdacf5185f27197ea2c8332d7a30c226228db7c004670a646e8ff1a1ddba4a6f7da798646fc15c1ac44bfd2db74981d32d80bda6fdb3e2585e671b09d7b31478211254c550982dcca8252bc50bfe5114d4b7177cc6c182d9fbafe884e7ab99e80723c62f2cf97990014999db73454802a535bd9a21ca5d68b7f7fd043d46d7af9519107be3741c94c19d15af3d75ead4e70dff6eced6312eef460305e6f1232773b75047d0537d7f0c56d1be28368fbc524e0c02dbcafbd3dcac198c9ba31091e9295e7f5cb0b33151c5c4c4e9e79c1&X-Goog-SignedHeaders=host&x-goog-custom-audit-gitlab-namespace-id=24&x-goog-custom-audit-gitlab-project-id=9223372036854775807&x-goog-custom-audit-gitlab-size-bytes=1472
X-Content-Type-Options: nosniff

<a href="https://storage.googleapis.com/jpereira-container-registry/docker/registry/v2/blobs/sha256/8f/8fc740d8c40e45ea330a3f324fe009148dfc1f771bc90254eaf8ff8bbcecfe02/data?X-Goog-Algorithm=GOOG4-RSA-SHA256&amp;X-Goog-Credential=container-registry%40jpereira-b5d4149e.iam.gserviceaccount.com%2F20240403%2Fauto%2Fstorage%2Fgoog4_request&amp;X-Goog-Date=20240403T144741Z&amp;X-Goog-Expires=299&amp;X-Goog-Signature=64daa586329184e4231b04dbc54bcf5a439538c93ca0bdc8c68938d235603c453c08ecdbaf2822c4a8668c95d51b3385bcdacf5185f27197ea2c8332d7a30c226228db7c004670a646e8ff1a1ddba4a6f7da798646fc15c1ac44bfd2db74981d32d80bda6fdb3e2585e671b09d7b31478211254c550982dcca8252bc50bfe5114d4b7177cc6c182d9fbafe884e7ab99e80723c62f2cf97990014999db73454802a535bd9a21ca5d68b7f7fd043d46d7af9519107be3741c94c19d15af3d75ead4e70dff6eced6312eef460305e6f1232773b75047d0537d7f0c56d1be28368fbc524e0c02dbcafbd3dcac198c9ba31091e9295e7f5cb0b33151c5c4c4e9e79c1&amp;X-Goog-SignedHeaders=host&amp;x-goog-custom-audit-gitlab-namespace-id=24&amp;x-goog-custom-audit-gitlab-project-id=9223372036854775807&amp;x-goog-custom-audit-gitlab-size-bytes=1472">Temporary Redirect</a>.

Author checklist

  • Feature flags
    • Added feature flag:
    • This feature does not require a feature flag
  • I added unit tests or they are not required
  • I added documentation (or it's not required)
  • I followed code review guidelines
  • I followed Go Style guidelines
  • For database changes including schema migrations:
    • Manually run up and down migrations in a postgres.ai production database clone and post a screenshot of the result here.
    • If adding new queries, extract a query plan from postgres.ai and post the link here. If changing existing queries, also extract a query plan for the current version for comparison.
      • I do not have access to postgres.ai and have made a comment on this MR asking for these to be run on my behalf.
    • Do not include code that depends on the schema migrations in the same commit. Split the MR into two or more.
  • Ensured this change is safe to deploy to individual stages in the same environment (cny -> prod). State-related changes can be troublesome due to having parts of the fleet processing (possibly related) requests in different ways.

Reviewer checklist

  • Ensure the commit and MR tittle are still accurate.
  • If the change contains a breaking change, apply the breaking change label.
  • If the change is considered high risk, apply the label high-risk-change
  • Identify if the change can be rolled back safely. (note: all other reasons for not being able to rollback will be sufficiently captured by major version changes).

If the MR introduces database schema migrations:

  • Ensure the commit and MR tittle start with fix:, feat:, or perf: so that the change appears on the Changelog
If the changes cannot be rolled back follow these steps:
  • If not, apply the label cannot-rollback.
  • Add a section to the MR description that includes the following details:
    • The reasoning behind why a release containing the presented MR can not be rolled back (e.g. schema migrations or changes to the FS structure)
    • Detailed steps to revert/disable a feature introduced by the same change where a migration cannot be rolled back. (note: ideally MRs containing schema migrations should not contain feature changes.)
    • Ensure this MR does not add code that depends on these changes that cannot be rolled back.
Edited by João Pereira

Merge request reports