Update artifact registry details resolver permission
🌑 Context
In Get Google Cloud Artifact Registry artifact det... (!145164 - merged), we added a new GraphQL for the artifact registry support: get the details of a docker image.
Parallel to that, in Introduce dedicated permission for Google Cloud... (!145264 - merged), we refactored the permission that gates the artifact registry features and introduced a new one: read_google_cloud_artifact_registry
.
Unfortunately, both MRs were merged at the same time. Which means that the new GraphQL query is still using the previous permission (read_container_image
).
This MR fixes that part. This is part of GAR Integration: Add permission to read artifac... (#436652 - closed).
⚙ What does this MR do and why?
- Update the artifact registry details resolver to use the permission
read_google_cloud_artifact_registry
. - Update the related specs.
- Took this opportunity to add additional rspec examples: an anonymous user on a public project should not have access to the artifact registry.
The google cloud support work is still in progress and behind a feature flag.
🏎 MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
🦄 Screenshots or screen recordings
No changes in the UI.
⚗ How to set up and validate locally
See !145164 (merged)