Merge branch '26763-grant-registry-auth-scope-to-admins' into 'master'

Issue JWT token with registry:catalog:* scope when requested by GitLab admin

Closes #26763 and #18392

See merge request gitlab-org/gitlab-ce!14751

1 files changed, 14 insertions, 3 deletions

diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 9a636346899..f40cd2b06c8 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -56,11 +56,22 @@ module Auth
     def process_scope(scope)
       type, name, actions = scope.split(':', 3)
       actions = actions.split(',')
-      path = ContainerRegistry::Path.new(name)
 
-      return unless type == 'repository'
+      case type
+      when 'registry'
+        process_registry_access(type, name, actions)
+      when 'repository'
+        path = ContainerRegistry::Path.new(name)
+        process_repository_access(type, path, actions)
+      end
+    end
+
+    def process_registry_access(type, name, actions)
+      return unless current_user&.admin?
+      return unless name == 'catalog'
+      return unless actions == ['*']
 
-      process_repository_access(type, path, actions)
+      { type: type, name: name, actions: ['*'] }
     end
 
     def process_repository_access(type, path, actions)