Skip to content

Call rename endpoint with push/pull token in GitlabAPIClient

Adie (she/her) requested to merge 423995-allow-gitlab-client-call-rename-endpoint into master

Overview

In container-registry#894 (closed) and container-registry#895 (closed), a new API endpoint to rename base repositories have been added to the Container Registry.

In this MR, we allow GitlabApiClient to call this new API endpoint with a push/pull token as the registry endpoint will only allow requests from JWTs with pull scopes: {{repository-path}}/*, {{repository-path}} AND push scope: {{repository-path}}.

You can find the documentation to the API endpoint here: https://gitlab.com/gitlab-org/container-registry/-/blob/master/docs-gitlab/api.md#rename-base-repository. From the documentation, we can see that we can pass a dry_run option to the API endpoint and we also support that in this MR.

In a succeeding PR, we will use this new function in the GitlabApiClient in the actual rename operation.

Note: To run this, the metadata database should be setup and redis should be connected as well.

Metadata database: local development setup guide

How to set up and validate locally

  1. In the Rails Console, get a project 
    project = Project.last
  2. We then call the rename API endpoint via GitlabApiClient. We first try it with setting the dry_run parameter to true. 
    ContainerRegistry::GitlabApiClient.rename_base_repository_path(project.full_path, name: "newname", dry_run: true)
  3. When successful, the command above should return: 
    :lease_accepted
  4. We can then try to execute the operation by setting dry_run to false. 
    ContainerRegistry::GitlabApiClient.rename_base_repository_path(project.full_path, name: "newname", dry_run: false)
  5. And this should return an :ok: 
    :ok
  6. We can then check in the database of the registry the changed name. Access the psql command, enter the registry database, and query for the container repositories. The new name should now reflect. 
    psql -U postgres
\c registry_dev
select * from repositories;

Example Run

project = Project.last
ContainerRegistry::GitlabApiClient.rename_base_repository_path(project.full_path, name: "newname", dry_run: true)
# => :lease_accepted

The change is not yet made due to dry_run: true and if we check the registry database, we can still see the original project name:

registry_dev=# select * from repositories;
 id | top_level_namespace_id | parent_id |          created_at           | updated_at |  name  |         path         | deleted_at
----+------------------------+-----------+-------------------------------+------------+--------+----------------------+------------
  2 |                      2 |           | 2023-10-01 13:52:21.505244+02 |            | proj-1 | october-group/proj-1 |

With:

ContainerRegistry::GitlabApiClient.rename_base_repository_path(project.full_path, name: "newname", dry_run: false)
# => :ok

The change has been persisted and querying for the project again, we see its updated name 😊

 registry_dev=# select * from repositories;
 id | top_level_namespace_id | parent_id |          created_at           | updated_at |  name   |         path          | deleted_at
----+------------------------+-----------+-------------------------------+------------+---------+-----------------------+------------
  2 |                      2 |           | 2023-10-01 13:52:21.505244+02 |            | newname | october-group/newname |

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #423995 (closed)

Edited by Adie (she/her)

Merge request reports