Clarify write_registry permission
What does this MR do and why?
- Clarifies the wording for
DeployTokens'swrite_registrypermission, that the permission iswriteonly, and does not includereadpermissions scope.
Limiting scopes of a deploy token references this and clarifies that the write_registry permission only allows write access. Checking this manually the token only grants write access, not read, therefore the UI entry needs to be updated to reflect that.
Screenshots or screen recordings
These are strongly recommended to assist reviewers and reduce the time to merge your change.
How to set up and validate locally
Step 1: Create a repository
Step 2: Create a key that only has write_registry permission
Step 3: Build a Dockerfile and try to pull the image with the above credentials
Example:
echo -e "\e[31mLogin with write-only token\e[0m"
podman login -u $WRITE_ONLY_USER -p $WRITE_ONLY_PASS registry.gitlab.com
echo -e "\e[31mCheck if write-only token can read\e[0m"
podman pull registry.gitlab.com/$USERNAME/$PROJECT:latestMR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.