Container Registry: Improve error message when exceeding depth limit

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Context

We currently have a depth limit of 2 for suffixes (past the git repository path) in container repository paths as described here.

Problem

Users are seeing a generic error message when attempting to push to a path that exceeds the depth limit. Example:

$ docker push 172.16.123.1:5000/gitlab-org/cleanup-policy/testing/hello-world/nginx:1.7
The push refers to repository [172.16.123.1:5000/gitlab-org/cleanup-policy/testing/hello-world/nginx]
5f70bf18a086: Preparing 
cd9998b3295c: Preparing 
8c7c8afff4ed: Preparing 
709ae643fc17: Preparing 
2c218c6b1401: Preparing 
15adc956471e: Waiting 
cabf38f3578f: Waiting 
denied: requested access to the resource is denied

Note the denied: requested access to the resource is denied message, which is opaque.

Solution

We're limited in the amount of details we can surface to users in case of error, as there are multiple clients tools between the registry and the end user which behave differently. However, we should determine:

1. Where this specific error is being raised (Rails or registry side). This error should be dealt with on the Rails side during the auth flow.
2. If we can make the error message more specific about the actual problem.