Update artifact registry details resolver permission (!146018) · Merge requests · GitLab.org / GitLab

David Fernandez requested to merge 436652-follow-up into master Feb 28, 2024

🌑 Context

In Get Google Cloud Artifact Registry artifact det... (!145164 - merged), we added a new GraphQL for the artifact registry support: get the details of a docker image.

Parallel to that, in Introduce dedicated permission for Google Cloud... (!145264 - merged), we refactored the permission that gates the artifact registry features and introduced a new one: read_google_cloud_artifact_registry.

Unfortunately, both MRs were merged at the same time. Which means that the new GraphQL query is still using the previous permission (read_container_image).

This MR fixes that part. This is part of GAR Integration: Add permission to read artifac... (#436652 - closed).

⚙ What does this MR do and why?

Update the artifact registry details resolver to use the permission read_google_cloud_artifact_registry.
Update the related specs.
- Took this opportunity to add additional rspec examples: an anonymous user on a public project should not have access to the artifact registry.

The google cloud support work is still in progress and behind a feature flag.

🏎 MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

✅

🦄 Screenshots or screen recordings

No changes in the UI.

⚗ How to set up and validate locally

See !145164 (merged)

Edited Feb 28, 2024 by David Fernandez

Update artifact registry details resolver permission

🌑 Context

⚙ What does this MR do and why?

🏎 MR acceptance checklist

🦄 Screenshots or screen recordings

⚗ How to set up and validate locally

Merge request reports