GitLab Next

Menu

/
Help
Sign in / Register

GitLab
Project information
- Project information
- Activity
- Labels
- Members
Repository
- Repository
- Files
- Commits
- Branches
- Tags
- Contributors
- Graph
- Compare
- Locked Files
Issues 44,058
- Issues 44,058
- List
- Boards
- Service Desk
- Milestones
- Iterations
- Requirements
Merge requests 1,304
- Merge requests 1,304
CI/CD
- CI/CD
- Pipelines
- Jobs
- Schedules
- Test Cases
Deployments
- Deployments
- Environments
- Releases
Packages & Registries
- Packages & Registries
- Package Registry
- Container Registry
- Infrastructure Registry
Monitor
- Monitor
- Metrics
- Incidents
Analytics
- Analytics
- Value stream
- CI/CD
- Code review
- Insights
- Issue
- Repository
Snippets
- Snippets
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards

Collapse sidebar

GitLab.org
GitLab
Issues
#18792

Closed

Open

Created Jul 16, 2017 by Richard Brinkman @richardbrinkman18 of 21 checklist items completed18/21 checklist items

option to define access to the container registry

Description

Currently you can either enable or disable the Docker registry. It is currently not possible for a public project for which the git repository is restricted to members only, to have a Docker registry that is also members only.

Proposal

Add an option "Registry"under Settings -> Project Visibility, just underneath "Repository" with the options Disabled, Only Team members and Public.

Overview

Why should someone use this feature? If you have closed source or non-free software you don't want to make either the source code or the derived Docker image available to the public. But that should not resist you in sharing the Docker images with your team mates. Even making the project completely private still exposes the registry.

How do you use this feature? I'm developing a php website which is not suitable to be open sourced. I do want to have a public issue tracker, so the visiblity of my project is set to public, but the git repository is set to member only. With Gitlab CI I create a docker image of my code. I would like to have my web server (which may login with my credentials) be able to pull from the gitlab registry.

Feature checklist

Make sure these are completed before closing the issue, with a link to the relevant commit.

Feature assurance
Documentation
Added to features.yml

Implementation

Create the new column project_features.container_registry_access_level - !54831 (merged)
Background migration to move values from projects.container_registry_enabled to project_features.container_registry_access_level. This needed to be rescheduled a couple of times.
Cleanup migration - !56626 (merged)
Modify project policies to check project_features.container_registry_access_level instead of projects.container_registry_enabled - !55071 (merged)
Ensure that all locations where we check if the container registry is enabled should be changed to check if the container registry is enabled for the current user/actor.
Update code to write directly to project_features.container_registry_access_level. This does not include APIs, so that users cannot yet set container registry visibility to private. - !62663 (merged)
Update specs to consider that container registry visibility can now be independent of project visibility. - !65831 (merged)
Update the APIs (internal, public) to allow users to write to project_features.container_registry_access_level. This will allow users to set container registry visibility to private.
- !67208 (merged)
- !62662 (merged)
Update our settings UI to have a dropdown allowing users to set container registry visibility. - !55079 (merged)
Add additional documentation - !67413 (merged).

Edited Aug 12, 2021 by Tim Rizzi

Assignee

Assign to

Time tracking