Use bearer token to access registry

author: Kamil Trzcinski <ayufan@ayufan.eu> 2016-05-04 16:17:08 +0200
committer: Kamil Trzcinski <ayufan@ayufan.eu> 2016-05-04 16:17:08 +0200
commit: 7731bb59c8d43cfa7e47c945d7aed05e5e3932c1 (patch)
tree: 9cf36b3388b24100d9f0cfcf40e6b95cdb492a48 /app/services
parent: de008127eb9a7a14b06b2e4a3d3d1822ad6a54d7 (diff)
download: gitlab-ce-7731bb59c8d43cfa7e47c945d7aed05e5e3932c1.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/app/services/jwt/docker_authentication_service.rb b/app/services/jwt/docker_authentication_service.rb
index ce28085e5d6..16d77193a1e 100644
--- a/app/services/jwt/docker_authentication_service.rb
+++ b/app/services/jwt/docker_authentication_service.rb
@@ -8,6 +8,17 @@ module Jwt
       { token: token.encoded }
     end
 
+    def self.full_access_token(*names)
+      registry = Gitlab.config.registry
+      token = ::Jwt::RSAToken.new(registry.key)
+      token.issuer = registry.issuer
+      token.audience = 'docker'
+      token[:access] = names.map do |name|
+        { type: 'repository', name: name, actions: %w(pull push) }
+      end
+      token.encoded
+    end
+
     private
 
     def token
author	Kamil Trzcinski <ayufan@ayufan.eu>	2016-05-04 16:17:08 +0200
committer	Kamil Trzcinski <ayufan@ayufan.eu>	2016-05-04 16:17:08 +0200
commit	7731bb59c8d43cfa7e47c945d7aed05e5e3932c1 (patch)
tree	9cf36b3388b24100d9f0cfcf40e6b95cdb492a48 /app/services
parent	de008127eb9a7a14b06b2e4a3d3d1822ad6a54d7 (diff)
download	gitlab-ce-7731bb59c8d43cfa7e47c945d7aed05e5e3932c1.tar.gz