delta/gitlab/gitlab-shell.git, branch jv-ssh-sidechannel gitlab.com: gitlab-org/gitlab-shell.git Optionally use SSHUploadPackWithSidechannel 2022-01-21T11:05:19+00:00 Jacob Vosmaer jacob@gitlab.com 2022-01-21T11:05:19+00:00 d005af25ab3224efa0d23be53858710f77e672c6 If the GitLab API returns an allowed response with use_sidechannel set to true, gitlab-shell will establish a sidechannel connection and use SSHUploadPackWithSidechannel instead of SSHUploadPack. This is an efficiency improvement. 
If the GitLab API returns an allowed response with use_sidechannel set
to true, gitlab-shell will establish a sidechannel connection and use
SSHUploadPackWithSidechannel instead of SSHUploadPack. This is an
efficiency improvement.
Update gitaly/v14/client to 2e398afa0490ccdf5a82e1a7c7d824ae491eba16 2022-01-21T10:40:19+00:00 Jacob Vosmaer jacob@gitlab.com 2022-01-21T10:31:41+00:00 bc25e92dd824591688cbe88cbbeb891b6459b9a9 This updates the Gitaly client go.mod dependency to Gitaly commit 2e398afa0490ccdf5a82e1a7c7d824ae491eba16. This causes a grpc-go version bump, and hence a minor change in some of our test code. 
This updates the Gitaly client go.mod dependency to Gitaly commit
2e398afa0490ccdf5a82e1a7c7d824ae491eba16. This causes a grpc-go
version bump, and hence a minor change in some of our test code.
Support parsing `use_sidechannel` API response field 2022-01-21T10:39:16+00:00 Jacob Vosmaer jacob@gitlab.com 2022-01-21T10:37:27+00:00 3384ce876de3fa8ac0c8fd4efd471e7fba8e43b9 This field will act as a feature flag that controls whether gitlab-shell uses the old SSHUploadPack RPC or the new SSHUploadPackWithSidechannel. 
This field will act as a feature flag that controls whether
gitlab-shell uses the old SSHUploadPack RPC or the new
SSHUploadPackWithSidechannel.
Refactor client response tests 2022-01-20T16:32:59+00:00 Jacob Vosmaer jacob@gitlab.com 2022-01-20T15:36:28+00:00 2cf1af8e042f7e30d1e9f81c368e00fa0348a51e This reduces coupling between tests in internal/gitlabnet/accessverifier/client_test.go, and will make it easier to add new test cases in the future. Note that the test server had a special behavior for the username "second", but this was never used. So we removed that behavior in this commit. 
This reduces coupling between tests in
internal/gitlabnet/accessverifier/client_test.go, and will make it
easier to add new test cases in the future.

Note that the test server had a special behavior for the username
"second", but this was never used. So we removed that behavior in this
commit.
Merge branch 'id-deprecate-self-signed-cert' into 'main' 2022-01-13T02:13:00+00:00 Ash McKenzie amckenzie@gitlab.com 2022-01-13T02:13:00+00:00 da719e7d9abe52e56b3b03ffa34b0ede5090ce99 Deprecate self_signed_cert config setting See merge request gitlab-org/gitlab-shell!552 
Deprecate self_signed_cert config setting

See merge request gitlab-org/gitlab-shell!552
 Deprecate self_signed_cert config setting 2022-01-12T14:19:44+00:00 Igor Drozdov idrozdov@gitlab.com 2022-01-12T14:15:18+00:00 537f8e192908172863e93a97871409a8f043c292 The option isn't required to accept self-signed certs On the other hand, if the option set to true it makes machine-in-the-middle attack possible Let's clarify it in the code that the option is deprecated 
The option isn't required to accept self-signed certs

On the other hand, if the option set to true it makes
machine-in-the-middle attack possible

Let's clarify it in the code that the option is deprecated
Merge branch 'wc-intern-err' into 'main' 2022-01-05T11:01:22+00:00 Igor Drozdov idrozdov@gitlab.com 2022-01-05T11:01:22+00:00 4989011bedc7c33aa49cdac3c230ae9fdcdb49fd Suppress internal errors in client output See merge request gitlab-org/gitlab-shell!549 
Suppress internal errors in client output

See merge request gitlab-org/gitlab-shell!549
 Suppress internal errors in client output 2021-12-28T21:06:19+00:00 Will Chandler wchandler@gitlab.com 2021-12-10T14:55:07+00:00 3a8bab437d8d0fd9bfa29bc5edd07ae5903af84d Until recently, Gitaly was silently swallowing any errors returned by SSH `git upload-pack` processes. Clients would still receive stderr output and a non-zero return code, but Gitlab-Shell would receive error as nil and log success. With 9deaf47f1ecb00f0f36d18ee4a0fb1576f5a0efe Gitaly will now return an error when git fails, but this causes Gitlab-Shell to print out the GRPC error code as a message to the client: > fatal: couldn't find remote ref not-a-real-ref > fatal: the remote end hung up unexpectedly > remote: > remote: > ======================================================================== > remote: > remote: rpc error: code = Internal desc = SSHUploadPack: exit status 128 > remote: > remote: > ======================================================================== > remote: The `remote:` text gives no additional context for the user and adds clutter. This commit suppresses the additional message added by Gitlab-Shell on failure when the error type is `Internal`, returning client output to the format it was prior to the Gitaly change. 
Until recently, Gitaly was silently swallowing any errors returned by
SSH `git upload-pack` processes. Clients would still receive stderr
output and a non-zero return code, but Gitlab-Shell would receive error
as nil and log success.

With 9deaf47f1ecb00f0f36d18ee4a0fb1576f5a0efe Gitaly will now return an
error when git fails, but this causes Gitlab-Shell to print out the
GRPC error code as a message to the client:

> fatal: couldn't find remote ref not-a-real-ref
> fatal: the remote end hung up unexpectedly
> remote:
> remote:
> ========================================================================
> remote:
> remote: rpc error: code = Internal desc = SSHUploadPack: exit status 128
> remote:
> remote:
> ========================================================================
> remote:

The `remote:` text gives no additional context for the user and adds
clutter.

This commit suppresses the additional message added by Gitlab-Shell on
failure when the error type is `Internal`, returning client output to
the format it was prior to the Gitaly change.
Merge branch 'wc-sshd-upload-pack' into 'main' 2021-12-28T10:09:52+00:00 Igor Drozdov idrozdov@gitlab.com 2021-12-28T10:09:52+00:00 3038ae450383e63d9672f1b1d2f27995d2160bbc Send full git request/response in SSHD tests See merge request gitlab-org/gitlab-shell!550 
Send full git request/response in SSHD tests

See merge request gitlab-org/gitlab-shell!550
 Send full git request/response in SSHD tests 2021-12-22T19:00:15+00:00 Will Chandler wchandler@gitlab.com 2021-12-22T18:30:21+00:00 922bb8ff61578a68126ba215e94e0c3d4c34bbf9 Before 9deaf47f1ecb00f0f36d18ee4a0fb1576f5a0efe, Gitaly would return success for `SSHUploadPack` and `SSHUploadArchive` regardless of the exit code of the `git upload-pack|archive` process. As a result, the gitlab-sshd acceptance tests could rely on no errors being returned from Gitaly. Currently these tests send the minimum request needed to start a session, causing the server git process to fail as the `0000` flush packet to end the session is never sent. This commit fixes the tests by sending the full request/response needed for a successful git operation. 
Before 9deaf47f1ecb00f0f36d18ee4a0fb1576f5a0efe, Gitaly would return
success for `SSHUploadPack` and `SSHUploadArchive` regardless of the
exit code of the `git upload-pack|archive` process. As a result, the
gitlab-sshd acceptance tests could rely on no errors being returned from
Gitaly.

Currently these tests send the minimum request needed to start a
session, causing the server git process to fail as the `0000` flush
packet to end the session is never sent.

This commit fixes the tests by sending the full request/response needed
for a successful git operation.