►
Description
Related issue: https://gitlab.com/gitlab-org/gitlab/-/issues/327311
A
A
Okay,
so
this
is
the
issue
that
we
have
it's
been
around
for
a
while
five
months
already-
and
this
is
the
api
endpoints
and
the
problem
is
that
whenever
someone
invokes
these
endpoints
and
sets
this
parameter
to
true
rails,
will
pull
the
list
of
tags
for
each
one
of
the
repositories
under
the
group
and
return
that
in
a
single
response.
So
if
a
group
has
10
repositories
rails
will
first
query
the
database
to
get
the
list
of
those
repositories.
A
So
I
think
so.
I
I
looked
at
this
not
too
long
ago
for
the
registry
migration
work,
and
that
was
the
conclusion,
but
yeah
for
demonstration
purposes.
Let's
make
sure
that
it
is
the
case.
So
what
I
have
here
by
the
way
can
you
read
this?
Probably
it's
easier
this
way?
Okay!
So
what
I
have
here
on
the
top
side?
Basically,
I'm
I'm
putting
many
in
the
middle
proxy
between
the
docker
clients
and
the
gitlab
registry,
so
that
we
can
inspect
the
network
requests
that
go
from
from
my
machine
to
the
gitlab
content
registry.
A
A
Okay
and
I'm
back
so
I
just
pushed
an
image
to
the
registry.
Now,
let's
inspect
the
list
of
requests
that
happen
it
here,
so
the
first
one,
the
stop
one
always
happens.
It's
the
client
checking
that
the
registry
supports
the
v2
protocol,
so
there
is
a
request
without
any
authentication,
and
then
the
registry
will
complain
and
say
you
need
to
authenticate.
A
A
A
So
you
always
always
require
it
always
request
a
token
before
any
of
the
operations.
Even
if
it's
the
exact
same
operation
multiple
times,
it
will
request
the
token
again
and
again
and
and
again,
oh
yeah,
so
that
should
be
fine,
so
yeah.
So
the
next
thing
is
trying
to
pull
an
image
from
a
public
repository.
A
I
think
that's
fine,
because
right
now
the
main
problem
that
we
have
is
with
gitlab.com.
We
could
ship
this
for
self-managed
as
well,
but
there
determining
the
version
of
the
registry
is
not
that
accurate.
We
do
have.
I
think
we
still
do
have
in
place
something
to
detect
that
version
and
vendor,
but
it
may
change
and
the
priority
is
really
gitlab.com,
so
that
should
be
fine,
regardless
yeah.
Let's,
I
think
we
should
put
this
behind
the
feature
flag
and
then
make
sure
that
it
only
works
first
for
gitlab.com
and
that's
it.
A
I
think
we
already
have
something
like
that
or
head
for
cleanup
policies
right.
We
do
a
check
if
we
are
in
gitlab.com
or
not
yeah,
we
do
yeah,
so
it
would
be
something
similar,
a
future
flag
or
checking
if
it
is
gitlab.com
and
then
checking
if
the
future
flight
is
enabling
and
the
next
one
radius
or
database
yeah.
I
yeah.
I
think
this
is
not
a
question.
Ready
should
be
the
place
to
go.
I
I
guess
some.
A
A
A
And
then
making
sure
that
we
can
first
fill
that
cache
and
then
empty
the
cache
whenever
a
token
is
requested.
So
basically,
if,
if
someone
tries
to
write
stuff
or
delete
stuff
from
a
repository
once
we
generate
a
token,
we
need
to
reset
the
tag
list,
cache
and
assume
that
the
repository
is
going
to
change,
and
so
in
the
next
query,
to
that
endpoint
we
need
to
retrieve
the
type
list.
Once
again,
I
think.
A
A
B
A
So
if
we,
if
we
did
the
caching
gear,
that
would
mean
that
it
would
apply
to
every
single
functionality
that
retrieves
the
tag
list
from
the
container
registry,
and
I
think
that's
a
bad
idea,
because
a
problem
with
it
could
impact
everything
like
ui,
normal
api
requests,
even
clean
up
policies
as
well.
So,
ideally,
we
would
do
it
as
close
to
the
to
the
group
level
endpoints
as
possible.
B
A
Yeah,
okay,
I
think
that
works
so
basically
the
first
well,
whenever
it
is
called
before
going
to
the
registry,
we
check
if
the
the
entry
exists
in
radius.
If
it
is,
we
read
from
there,
if
not
we'll,
let
it
go
to
to
the
registry
and
then
fill
the
cache
but
yeah,
basically
that
check
for
every
single
request
check.
If
the
repository
cache
entry
is
filled,
if
not
feel
it
from
there
and
yeah.
A
A
B
A
C
B
We
will
expire
them
manually,
so
if
we
don't
need
that
we
can
use
the
whales
multi
write
command,
that
we
write
to
two
radius
in
a
single
way.
This
command,
and
actually
the
nice
thing
with
that-
is
that
it
will
take
the
value
serialize
it
and
then
you
you
can
there
is
an
option
to
compress
the
value,
because
the
the
serialization
output
is
a
string
and
then
you
can.
You
have
an
option
to
compress
that
that
string,
yeah.