Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ACLs for gitlab #330

Open
radumoisa opened this issue Dec 21, 2021 · 1 comment
Open

ACLs for gitlab #330

radumoisa opened this issue Dec 21, 2021 · 1 comment

Comments

@radumoisa
Copy link

Hi!
I am trying to configure docker auth with gitlab authentication.
For the actual login, things work great, but I am not able to get the ACL right.
I try to restrict all docker operations to members of a gitlab group (e.g. "company group").

This is the relevant docker auth config part:

gitlab_auth:
  client_id: "..."
  client_secret: "..."
  token_db: "/data/gitlab_tokens.ldb"
  http_timeout: "10s"
  revalidate_after: "1h"
  gitlab_web_uri: "https://gitlab.com"
  gitlab_api_uri: "https://gitlab.com/api/v4"
  registry_url: docker-test.company.com
  grant_type: "authorization_code"
  redirect_uri: "https://docker-test-auth.company.com/gitlab_auth"

acl:
  - match: {labels: {"groups": "company group"}}
    actions: ["*"]

docker login works fine but when trying to pull or push images I get this error: denied: requested access to the resource is denied.
The gitlab user is part of the company group.

In docker auth logs I see something like: { pull,push repository } did not match any authz rule.

Can you please help?
Also, our org is currently using the free plan on gitlab. It this an issue?

Thanks!
@radumoisa
Copy link
Author

No ideas anyone?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@radumoisa