feat(registry): gitlab support (#3107)

* feat(api): gitlab registry type * feat(registries): early support for gitlab registries * feat(app): registry service selector * feat(registry): gitlab support : list repositories and tags - remove features missing * feat(registry): gitlab registry remove features * feat(registry): gitlab switch to registry V2 API for repositories and tags * feat(api): use development extension binary * fix(registry): avoid 401 on gitlab retrieve to disconnect the user * feat(registry): gitlab browse projects without extension * style(app): code cleaning * refactor(app): PR review changes + refactor on types * fix(gitlab): remove gitlab info from registrymanagementconfig and force gitlab type * style(api): go fmt * feat(api): update APIVersion and ExtensionDefinitionsURL * fix(api): fix invalid RM extension URL * feat(registry): PAT scope help * feat(registry): defaults on registry creation * style(registry-creation): update layout and text for Gitlab registry * feat(registry-creation): update gitlab notice
2025-07-25 00:09:40 +02:00 · 2019-11-12 04:28:31 +01:00 · 2019-11-12 04:28:31 +01:00 · 198e92c734
commit 198e92c734
parent 03d9d6afbb
38 changed files with 1022 additions and 160 deletions
--- a/api/http/handler/registries/handler.go
+++ b/api/http/handler/registries/handler.go
@ -46,6 +46,9 @@ func NewHandler(bouncer *security.RequestBouncer) *Handler {
 		bouncer.AdminAccess(httperror.LoggerHandler(h.registryDelete))).Methods(http.MethodDelete)
 	h.PathPrefix("/registries/{id}/v2").Handler(
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.proxyRequestsToRegistryAPI)))
-
+	h.PathPrefix("/registries/{id}/proxies/gitlab").Handler(
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.proxyRequestsToGitlabAPIWithRegistry)))
+	h.PathPrefix("/registries/proxies/gitlab").Handler(
+		bouncer.AdminAccess(httperror.LoggerHandler(h.proxyRequestsToGitlabAPIWithoutRegistry)))
 	return h
 }
--- a/api/http/handler/registries/proxy.go
+++ b/api/http/handler/registries/proxy.go
@ -41,7 +41,7 @@ func (handler *Handler) proxyRequestsToRegistryAPI(w http.ResponseWriter, r *htt
 	if proxy == nil {
 		proxy, err = handler.ProxyManager.CreateExtensionProxy(portainer.RegistryManagementExtension)
 		if err != nil {
-			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to register registry proxy", err}
+			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to create extension proxy for registry manager", err}
 		}
 	}

--- a/api/http/handler/registries/proxy_gitlab.go
+++ b/api/http/handler/registries/proxy_gitlab.go
@ -0,0 +1,23 @@
+package registries
+
+import (
+	"net/http"
+
+	httperror "github.com/portainer/libhttp/error"
+)
+
+// request on /api/registries/proxies/gitlab
+func (handler *Handler) proxyRequestsToGitlabAPIWithoutRegistry(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	domain := r.Header.Get("X-Gitlab-Domain")
+	if domain == "" {
+		return &httperror.HandlerError{http.StatusBadRequest, "No Gitlab domain provided", nil}
+	}
+
+	proxy, err := handler.ProxyManager.CreateGitlabProxy(domain)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to create gitlab proxy", err}
+	}
+
+	http.StripPrefix("/registries/proxies/gitlab", proxy).ServeHTTP(w, r)
+	return nil
+}
--- a/api/http/handler/registries/proxy_management_gitlab.go
+++ b/api/http/handler/registries/proxy_management_gitlab.go
@ -0,0 +1,66 @@
+package registries
+
+import (
+	"encoding/json"
+	"net/http"
+	"strconv"
+
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+	"github.com/portainer/portainer/api"
+)
+
+// request on /api/registries/{id}/proxies/gitlab
+func (handler *Handler) proxyRequestsToGitlabAPIWithRegistry(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	registryID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid registry identifier route variable", err}
+	}
+
+	registry, err := handler.RegistryService.Registry(portainer.RegistryID(registryID))
+	if err == portainer.ErrObjectNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a registry with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a registry with the specified identifier inside the database", err}
+	}
+
+	err = handler.requestBouncer.RegistryAccess(r, registry)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to access registry", portainer.ErrEndpointAccessDenied}
+	}
+
+	extension, err := handler.ExtensionService.Extension(portainer.RegistryManagementExtension)
+	if err == portainer.ErrObjectNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Registry management extension is not enabled", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a extension with the specified identifier inside the database", err}
+	}
+
+	var proxy http.Handler
+	proxy = handler.ProxyManager.GetExtensionProxy(portainer.RegistryManagementExtension)
+	if proxy == nil {
+		proxy, err = handler.ProxyManager.CreateExtensionProxy(portainer.RegistryManagementExtension)
+		if err != nil {
+			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to create extension proxy for registry manager", err}
+		}
+	}
+
+	config := &portainer.RegistryManagementConfiguration{
+		Type:     portainer.GitlabRegistry,
+		Password: registry.Password,
+	}
+
+	encodedConfiguration, err := json.Marshal(config)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to encode management configuration", err}
+	}
+
+	id := strconv.Itoa(int(registryID))
+	r.Header.Set("X-RegistryManagement-Key", id+"-gitlab")
+	r.Header.Set("X-RegistryManagement-URI", registry.Gitlab.InstanceURL)
+	r.Header.Set("X-RegistryManagement-Config", string(encodedConfiguration))
+	r.Header.Set("X-PortainerExtension-License", extension.License.LicenseKey)
+
+	http.StripPrefix("/registries/"+id+"/proxies/gitlab", proxy).ServeHTTP(w, r)
+	return nil
+}
--- a/api/http/handler/registries/registry_create.go
+++ b/api/http/handler/registries/registry_create.go
@ -12,11 +12,12 @@ import (

 type registryCreatePayload struct {
 	Name           string
-	Type           int
+	Type           portainer.RegistryType
 	URL            string
 	Authentication bool
 	Username       string
 	Password       string
+	Gitlab         portainer.GitlabRegistryData
 }

 func (payload *registryCreatePayload) Validate(r *http.Request) error {
@ -29,8 +30,8 @@ func (payload *registryCreatePayload) Validate(r *http.Request) error {
 	if payload.Authentication && (govalidator.IsNull(payload.Username) || govalidator.IsNull(payload.Password)) {
 		return portainer.Error("Invalid credentials. Username and password must be specified when authentication is enabled")
 	}
-	if payload.Type != 1 && payload.Type != 2 && payload.Type != 3 {
-		return portainer.Error("Invalid registry type. Valid values are: 1 (Quay.io), 2 (Azure container registry) or 3 (custom registry)")
+	if payload.Type != portainer.QuayRegistry && payload.Type != portainer.AzureRegistry && payload.Type != portainer.CustomRegistry && payload.Type != portainer.GitlabRegistry {
+		return portainer.Error("Invalid registry type. Valid values are: 1 (Quay.io), 2 (Azure container registry), 3 (custom registry) or 4 (Gitlab registry)")
 	}
 	return nil
 }
@ -42,16 +43,6 @@ func (handler *Handler) registryCreate(w http.ResponseWriter, r *http.Request) *
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
 	}

-	registries, err := handler.RegistryService.Registries()
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve registries from the database", err}
-	}
-	for _, r := range registries {
-		if r.URL == payload.URL {
-			return &httperror.HandlerError{http.StatusConflict, "A registry with the same URL already exists", portainer.ErrRegistryAlreadyExists}
-		}
-	}
-
 	registry := &portainer.Registry{
 		Type:               portainer.RegistryType(payload.Type),
 		Name:               payload.Name,
@ -61,6 +52,7 @@ func (handler *Handler) registryCreate(w http.ResponseWriter, r *http.Request) *
 		Password:           payload.Password,
 		UserAccessPolicies: portainer.UserAccessPolicies{},
 		TeamAccessPolicies: portainer.TeamAccessPolicies{},
+		Gitlab:             payload.Gitlab,
 	}

 	err = handler.RegistryService.CreateRegistry(registry)