Hi!
I am trying to configure docker auth with gitlab authentication.
For the actual login, things work great, but I am not able to get the ACL right.
I try to restrict all docker operations to members of a gitlab group (e.g. "company group").

This is the relevant docker auth config part:

gitlab_auth:
  client_id: "..."
  client_secret: "..."
  token_db: "/data/gitlab_tokens.ldb"
  http_timeout: "10s"
  revalidate_after: "1h"
  gitlab_web_uri: "https://gitlab.com"
  gitlab_api_uri: "https://gitlab.com/api/v4"
  registry_url: docker-test.company.com
  grant_type: "authorization_code"
  redirect_uri: "https://docker-test-auth.company.com/gitlab_auth"

acl:
  - match: {labels: {"groups": "company group"}}
    actions: ["*"]

docker login works fine but when trying to pull or push images I get this error: denied: requested access to the resource is denied.
The gitlab user is part of the company group.

In docker auth logs I see something like: { pull,push repository } did not match any authz rule.

Can you please help?
Also, our org is currently using the free plan on gitlab. It this an issue?

Thanks!