Add support for deleting images in registry 2.7

author: Peter Bábics <peter.ntx@gmail.com> 2019-03-07 14:14:54 +0300
committer: Peter Bábics <peter.ntx@gmail.com> 2019-03-19 01:04:29 +0300
commit: eadee27a3f9753d446a7e29c1a24eb773443f1d7 (patch)
tree: a3693544a74284d47e8f767788e91568327526b7 /spec/services
parent: 5c59ff3df2c50696cbffffe38a82c8767d3e2a88 (diff)
1 files changed, 93 insertions, 0 deletions
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb
index 8021bd338e0..c9d85e96750 100644
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -88,6 +88,12 @@ describe Auth::ContainerRegistryAuthenticationService do
     end
   end
 
+  shared_examples 'a deletable since registry 2.7' do
+    it_behaves_like 'an accessible' do
+      let(:actions) { ['delete'] }
+    end
+  end
+
   shared_examples 'a pullable' do
     it_behaves_like 'an accessible' do
       let(:actions) { ['pull'] }
@@ -184,6 +190,19 @@ describe Auth::ContainerRegistryAuthenticationService do
         it_behaves_like 'not a container repository factory'
       end
 
+      context 'disallow developer to delete images since registry 2.7' do
+        before do
+          project.add_developer(current_user)
+        end
+
+        let(:current_params) do
+          { scopes: ["repository:#{project.full_path}:delete"] }
+        end
+
+        it_behaves_like 'an inaccessible'
+        it_behaves_like 'not a container repository factory'
+      end
+
       context 'allow reporter to pull images' do
         before do
           project.add_reporter(current_user)
@@ -212,6 +231,19 @@ describe Auth::ContainerRegistryAuthenticationService do
         it_behaves_like 'not a container repository factory'
       end
 
+      context 'disallow reporter to delete images since registry 2.7' do
+        before do
+          project.add_reporter(current_user)
+        end
+
+        let(:current_params) do
+          { scopes: ["repository:#{project.full_path}:delete"] }
+        end
+
+        it_behaves_like 'an inaccessible'
+        it_behaves_like 'not a container repository factory'
+      end
+
       context 'return a least of privileges' do
         before do
           project.add_reporter(current_user)
@@ -250,6 +282,19 @@ describe Auth::ContainerRegistryAuthenticationService do
         it_behaves_like 'an inaccessible'
         it_behaves_like 'not a container repository factory'
       end
+
+      context 'disallow guest to delete images since regsitry 2.7' do
+        before do
+          project.add_guest(current_user)
+        end
+
+        let(:current_params) do
+          { scopes: ["repository:#{project.full_path}:delete"] }
+        end
+
+        it_behaves_like 'an inaccessible'
+        it_behaves_like 'not a container repository factory'
+      end
     end
 
     context 'for public project' do
@@ -282,6 +327,15 @@ describe Auth::ContainerRegistryAuthenticationService do
         it_behaves_like 'not a container repository factory'
       end
 
+      context 'disallow anyone to delete images since registry 2.7' do
+        let(:current_params) do
+          { scopes: ["repository:#{project.full_path}:delete"] }
+        end
+
+        it_behaves_like 'an inaccessible'
+        it_behaves_like 'not a container repository factory'
+      end
+
       context 'when repository name is invalid' do
         let(:current_params) do
           { scopes: ['repository:invalid:push'] }
@@ -322,6 +376,15 @@ describe Auth::ContainerRegistryAuthenticationService do
           it_behaves_like 'an inaccessible'
           it_behaves_like 'not a container repository factory'
         end
+
+        context 'disallow anyone to delete images since registry 2.7' do
+          let(:current_params) do
+            { scopes: ["repository:#{project.full_path}:delete"] }
+          end
+
+          it_behaves_like 'an inaccessible'
+          it_behaves_like 'not a container repository factory'
+        end
       end
 
       context 'for external user' do
@@ -344,6 +407,16 @@ describe Auth::ContainerRegistryAuthenticationService do
           it_behaves_like 'an inaccessible'
           it_behaves_like 'not a container repository factory'
         end
+
+        context 'disallow anyone to delete images since registry 2.7' do
+          let(:current_user) { create(:user, external: true) }
+          let(:current_params) do
+            { scopes: ["repository:#{project.full_path}:delete"] }
+          end
+
+          it_behaves_like 'an inaccessible'
+          it_behaves_like 'not a container repository factory'
+        end
       end
     end
   end
@@ -371,6 +444,16 @@ describe Auth::ContainerRegistryAuthenticationService do
         let(:project) { current_project }
       end
     end
+
+    context 'allow to delete images since registry 2.7' do
+      let(:current_params) do
+        { scopes: ["repository:#{current_project.full_path}:delete"] }
+      end
+
+      it_behaves_like 'a deletable since registry 2.7' do
+        let(:project) { current_project }
+      end
+    end
   end
 
   context 'build authorized as user' do
@@ -419,6 +502,16 @@ describe Auth::ContainerRegistryAuthenticationService do
       end
     end
 
+    context 'disallow to delete images since registry 2.7' do
+      let(:current_params) do
+        { scopes: ["repository:#{current_project.full_path}:delete"] }
+      end
+
+      it_behaves_like 'an inaccessible' do
+        let(:project) { current_project }
+      end
+    end
+
     context 'for other projects' do
       context 'when pulling' do
         let(:current_params) do
author	Peter Bábics <peter.ntx@gmail.com>	2019-03-07 14:14:54 +0300
committer	Peter Bábics <peter.ntx@gmail.com>	2019-03-19 01:04:29 +0300
commit	eadee27a3f9753d446a7e29c1a24eb773443f1d7 (patch)
tree	a3693544a74284d47e8f767788e91568327526b7 /spec/services
parent	5c59ff3df2c50696cbffffe38a82c8767d3e2a88 (diff)