From c26e2264fb474f0662051ab563b3560d0b02b018 Mon Sep 17 00:00:00 2001
From: Christy Norman <christy@linux.vnet.ibm.com>
Date: Tue, 24 Apr 2018 17:01:57 -0500
Subject: [PATCH] specify specific permissions

When creating manifest lists, don't use "*" as the permission when
creating the token handler. This causes problems with gitlab's repos.

Fixes https://github.com/docker/cli/issues/1010

Signed-off-by: Christy Norman <christy@linux.vnet.ibm.com>
---
 cli/registry/client/endpoint.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cli/registry/client/endpoint.go b/cli/registry/client/endpoint.go
index a2d9c3359d..5af00ca70d 100644
--- a/cli/registry/client/endpoint.go
+++ b/cli/registry/client/endpoint.go
@@ -102,7 +102,7 @@ func getHTTPTransport(authConfig authtypes.AuthConfig, endpoint registry.APIEndp
 		modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, passThruTokenHandler))
 	} else {
 		creds := registry.NewStaticCredentialStore(&authConfig)
-		tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, "*")
+		tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, "push", "pull")
 		basicHandler := auth.NewBasicHandler(creds)
 		modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
 	}