Log when container registry permissions are denied (!31536) · Merge requests · GitLab.org / GitLab

Stan Hu requested to merge sh-log-container-registry-access-warnings into master May 10, 2020

If a user does not have access to pull or push to a container registry, the /jwt/auth endpoint can still return a 200 success but the registry may reject the request due to insufficient access. To help track down intermittent failures, we now log a warning in auth.log if the requested permissions don't match the granted permissions.

Relates to #23644 (closed)

Example

{
  "severity": "WARN",
  "time": "2020-05-10T04:04:43.834Z",
  "correlation_id": "dc5303995c85257d25afe0ab4008def3",
  "message": "Denied container registry permissions",
  "scope_type": "repository",
  "requested_project_path": "namespace7/project7",
  "requested_actions": [
    "*"
  ],
  "authorized_actions": [],
  "username": "user14",
  "user_id": 14
}

Edited May 13, 2020 by Stan Hu

Log when container registry permissions are denied

Example

Merge request reports