Clarify write_registry permission
What does this MR do and why?
- Clarifies the wording for
DeployTokens
'swrite_registry
permission, that the permission iswrite
only, and does not includeread
permissions scope.
Limiting scopes of a deploy token references this and clarifies that the write_registry
permission only allows write access. Checking this manually the token only grants write access, not read, therefore the UI entry needs to be updated to reflect that.
Screenshots or screen recordings
These are strongly recommended to assist reviewers and reduce the time to merge your change.
How to set up and validate locally
Step 1: Create a repository
Step 2: Create a key that only has write_registry
permission
Step 3: Build a Dockerfile
and try to pull the image with the above credentials
Example:
echo -e "\e[31mLogin with write-only token\e[0m"
podman login -u $WRITE_ONLY_USER -p $WRITE_ONLY_PASS registry.gitlab.com
echo -e "\e[31mCheck if write-only token can read\e[0m"
podman pull registry.gitlab.com/$USERNAME/$PROJECT:latest
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.