Do not allow write operations on delete scheduled container repositories
🔥 Problem
Found while investigating #217702 (closed), when a container repository is destroyed by the user, the container repository will:
1. be put in the `delete_scheduled` status immediately.
2. be picked up by a background job that actually destroys it.
#217702 (closed) is making (2.) more reliable. The situation we found is that during (1.) and (2.), users could still push tags to the container repository.
If the container repository is marked for destruction, no write operation should be allowed, so that the amount of work the backend needs to do to remove the container repository stays fixed. E.g. if users keep adding tags, that means more deletes the backend needs to go through.
Implementation Guide
- Put the container repository in read only mode if its status is `delete_scheduled`.
- Re-use the read only mode logic used during the data migration with the `importing` migration state.
- Make sure that the authentication fails with the right message. Something along these lines:
  `You can't push tags to this container repository. It has been scheduled for removal.`
- Bonus, exclude them from cleanup policies execution.
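As an added illustration of the read-only rule described above (not GitLab's own code; the `default` status value, the `importing` error wording, the action names and the helper functions are assumptions), a repository in `delete_scheduled` or `importing` keeps accepting pulls but refuses writes and returns the message the client sees, and cleanup policies skip repositories already scheduled for removal:

```ruby
# Hypothetical model: only `delete_scheduled` and `importing` come from the issue;
# 'default' is an assumed placeholder for a normal repository.
ContainerRepository = Struct.new(:path, :status, :migration_state, keyword_init: true)

# The two states the implementation guide treats as read-only.
def read_only?(repo)
  repo.status == 'delete_scheduled' || repo.migration_state == 'importing'
end

DELETE_SCHEDULED_MSG = "You can't push tags to this container repository. It has been scheduled for removal."
IMPORTING_MSG = 'This container repository is being migrated and is temporarily read-only.' # assumed wording

WRITE_ACTIONS = %w[push delete].freeze

# Given the actions a client requested on a repository, return the subset that is
# granted, plus an error message whenever a write action had to be refused.
def authorize_actions(repo, requested_actions)
  granted = requested_actions.dup
  message = nil
  if read_only?(repo)
    refused = granted & WRITE_ACTIONS
    granted -= WRITE_ACTIONS
    unless refused.empty?
      message = repo.status == 'delete_scheduled' ? DELETE_SCHEDULED_MSG : IMPORTING_MSG
    end
  end
  { actions: granted, message: message }
end

# Cleanup policies should not touch repositories that are already being removed
# (the "bonus" item in the guide), so they are filtered out before execution.
def cleanup_policy_candidates(repos)
  repos.reject { |r| r.status == 'delete_scheduled' }
end

if __FILE__ == $PROGRAM_NAME
  repo = ContainerRepository.new(path: 'group/project/app', status: 'delete_scheduled', migration_state: 'default')
  puts authorize_actions(repo, %w[pull push]).inspect
end
```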
Edited by Michelle Torres