Allow container registry with disabled repository
requested to merge gitlab-community/gitlab:349179-allow-registry-with-disabled-repository into master
What does this MR do and why?
Allow container registry with disabled repository
https://docs.gitlab.com/ee/user/project/deploy_tokens/#pull-images-from-a-container-registry does not mention the requirement of having the repository enabled.
The doc link from the security HackerOne report leads to a section which does not exist anymore.
The container registry toggle is also not listed in the repository section anymore.
Screenshots or screen recordings
No UI changes.
Before | After |
---|---|
How to set up and validate locally
- Have the container registry enabled
- Create a `root/registry` project
- Pull a random image that you can push (e.g. `alpine`) and tag it for the registry (`docker image tag alpine 127.0.0.1:5000/root/registry`)
- Disable the repository in the `root/registry` project
- Push the image to the project (`docker push 127.0.0.1:5000/root/registry`)
- Pull the image from the project (`docker pull 127.0.0.1:5000/root/registry`)
- In both cases, you should have a success and no error caused by something being forbidden
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
- Review and approval from Application Security Team member (@greg)
Related to #349179 (closed)
Edited by Greg Myers