From 7731bb59c8d43cfa7e47c945d7aed05e5e3932c1 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Wed, 4 May 2016 16:17:08 +0200
Subject: Use bearer token to access registry

---
 app/services/jwt/docker_authentication_service.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'app/services')

diff --git a/app/services/jwt/docker_authentication_service.rb b/app/services/jwt/docker_authentication_service.rb
index ce28085e5d6..16d77193a1e 100644
--- a/app/services/jwt/docker_authentication_service.rb
+++ b/app/services/jwt/docker_authentication_service.rb
@@ -8,6 +8,17 @@ module Jwt
       { token: token.encoded }
     end
 
+    def self.full_access_token(*names)
+      registry = Gitlab.config.registry
+      token = ::Jwt::RSAToken.new(registry.key)
+      token.issuer = registry.issuer
+      token.audience = 'docker'
+      token[:access] = names.map do |name|
+        { type: 'repository', name: name, actions: %w(pull push) }
+      end
+      token.encoded
+    end
+
     private
 
     def token
-- 
cgit v1.2.1