Merge branch 'gitaly-124-gitaly-ssh' into 'master'

Gitaly SSH Client See merge request !139
author: Robert Speicher <robert@gitlab.com> 2017-07-07 17:00:03 +0000
committer: Robert Speicher <robert@gitlab.com> 2017-07-07 17:00:03 +0000
commit: e7ec27f5adb3bbc29520ef16272f7332b7eceb34 (patch)
tree: b293793d65e1f1abbf4b5bc46d8d5c9484af1db4 /spec
parent: 0a0cfdf965a253d4010afeb4ee9d83528ea16359 (diff)
parent: 933b56691d4b95b642c19d91cbeccb098d3a1696 (diff)
download: gitlab-shell-e7ec27f5adb3bbc29520ef16272f7332b7eceb34.tar.gz
2 files changed, 67 insertions, 9 deletions
diff --git a/spec/gitlab_access_spec.rb b/spec/gitlab_access_spec.rb
index 2df880b..f91a8a5 100644
--- a/spec/gitlab_access_spec.rb
+++ b/spec/gitlab_access_spec.rb
@@ -7,7 +7,7 @@ describe GitlabAccess do
   let(:repo_path)  { File.join(repository_path, repo_name) + ".git" }
   let(:api) do
     double(GitlabNet).tap do |api|
-      api.stub(check_access: GitAccessStatus.new(true, 'ok', 'project-1', '/home/git/repositories'))
+      api.stub(check_access: GitAccessStatus.new(true, 'ok', 'project-1', '/home/git/repositories', nil))
     end
   end
   subject do
@@ -38,7 +38,7 @@ describe GitlabAccess do
     context "access is denied" do
 
       before do
-        api.stub(check_access: GitAccessStatus.new(false, 'denied', nil, nil))
+        api.stub(check_access: GitAccessStatus.new(false, 'denied', nil, nil, nil))
       end
 
       it "returns false" do
diff --git a/spec/gitlab_shell_spec.rb b/spec/gitlab_shell_spec.rb
index e0d1af6..29093ac 100644
--- a/spec/gitlab_shell_spec.rb
+++ b/spec/gitlab_shell_spec.rb
@@ -19,10 +19,12 @@ describe GitlabShell do
     end
   end
 
+  let(:gitaly_check_access) { GitAccessStatus.new(true, 'ok', gl_repository, repo_path, { 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default'} , 'address' => 'unix:gitaly.socket' })}
+
   let(:api) do
     double(GitlabNet).tap do |api|
       api.stub(discover: { 'name' => 'John Doe' })
-      api.stub(check_access: GitAccessStatus.new(true, 'ok', gl_repository, repo_path))
+      api.stub(check_access: GitAccessStatus.new(true, 'ok', gl_repository, repo_path, nil))
       api.stub(two_factor_recovery_codes: {
         'success' => true,
         'recovery_codes' => ['f67c514de60c4953', '41278385fc00c1e0']
@@ -128,7 +130,7 @@ describe GitlabShell do
   end
 
   describe :exec do
-    let(:gitaly_message) { JSON.dump({ 'repository' => { 'path' => repo_path }, 'gl_id' => key_id }) }
+    let(:gitaly_message) { JSON.dump({ 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default' }, 'gl_repository' => gl_repository , 'gl_id' => key_id}) }
 
     context 'git-upload-pack' do
       let(:ssh_cmd) { "git-upload-pack gitlab-ci.git" }
@@ -139,12 +141,40 @@ describe GitlabShell do
       end
 
       it "should execute the command" do
-        subject.should_receive(:exec_cmd).with(File.join(ROOT_PATH, "bin/gitaly-upload-pack"), '', gitaly_message)
+        subject.should_receive(:exec_cmd).with('git-upload-pack', repo_path)
+      end
+
+      it "should log the command execution" do
+        message = "gitlab-shell: executing git command "
+        message << "<git-upload-pack #{repo_path}> "
+        message << "for user with key #{key_id}."
+        $logger.should_receive(:info).with(message)
+      end
+
+      it "should use usernames if configured to do so" do
+        GitlabConfig.any_instance.stub(audit_usernames: true)
+        $logger.should_receive(:info).with(/for John Doe/)
+      end
+    end
+
+    context 'gitaly-upload-pack' do
+      let(:ssh_cmd) { "git-upload-pack gitlab-ci.git" }
+      before {
+        api.stub(check_access: gitaly_check_access)
+      }
+      after { subject.exec(ssh_cmd) }
+
+      it "should process the command" do
+        subject.should_receive(:process_cmd).with(%W(git-upload-pack gitlab-ci.git))
+      end
+
+      it "should execute the command" do
+        subject.should_receive(:exec_cmd).with(File.join(ROOT_PATH, "bin/gitaly-upload-pack"), 'unix:gitaly.socket', gitaly_message)
       end
 
       it "should log the command execution" do
         message = "gitlab-shell: executing git command "
-        message << "<gitaly-upload-pack  #{gitaly_message}> "
+        message << "<gitaly-upload-pack unix:gitaly.socket #{gitaly_message}> "
         message << "for user with key #{key_id}."
         $logger.should_receive(:info).with(message)
       end
@@ -164,17 +194,45 @@ describe GitlabShell do
       end
 
       it "should execute the command" do
-        subject.should_receive(:exec_cmd).with(File.join(ROOT_PATH, "bin/gitaly-receive-pack"), '', gitaly_message)
+        subject.should_receive(:exec_cmd).with('git-receive-pack', repo_path)
       end
 
       it "should log the command execution" do
         message = "gitlab-shell: executing git command "
-        message << "<gitaly-receive-pack  #{gitaly_message}> "
+        message << "<git-receive-pack #{repo_path}> "
         message << "for user with key #{key_id}."
         $logger.should_receive(:info).with(message)
       end
     end
 
+    context 'gitaly-receive-pack' do
+      let(:ssh_cmd) { "git-receive-pack gitlab-ci.git" }
+      before {
+        api.stub(check_access: gitaly_check_access)
+      }
+      after { subject.exec(ssh_cmd) }
+
+      it "should process the command" do
+        subject.should_receive(:process_cmd).with(%W(git-receive-pack gitlab-ci.git))
+      end
+
+      it "should execute the command" do
+        subject.should_receive(:exec_cmd).with(File.join(ROOT_PATH, "bin/gitaly-receive-pack"), 'unix:gitaly.socket', gitaly_message)
+      end
+
+      it "should log the command execution" do
+        message = "gitlab-shell: executing git command "
+        message << "<gitaly-receive-pack unix:gitaly.socket #{gitaly_message}> "
+        message << "for user with key #{key_id}."
+        $logger.should_receive(:info).with(message)
+      end
+
+      it "should use usernames if configured to do so" do
+        GitlabConfig.any_instance.stub(audit_usernames: true)
+        $logger.should_receive(:info).with(/for John Doe/)
+      end
+    end
+
     context 'arbitrary command' do
       let(:ssh_cmd) { 'arbitrary command' }
       after { subject.exec(ssh_cmd) }
@@ -268,7 +326,7 @@ describe GitlabShell do
       end
 
       it "should disallow access and log the attempt if check_access returns false status" do
-        api.stub(check_access: GitAccessStatus.new(false, 'denied', nil, nil))
+        api.stub(check_access: GitAccessStatus.new(false, 'denied', nil, nil, nil))
         message = "gitlab-shell: Access denied for git command <git-upload-pack gitlab-ci.git> "
         message << "by user with key #{key_id}."
         $logger.should_receive(:warn).with(message)
author	Robert Speicher <robert@gitlab.com>	2017-07-07 17:00:03 +0000
committer	Robert Speicher <robert@gitlab.com>	2017-07-07 17:00:03 +0000
commit	e7ec27f5adb3bbc29520ef16272f7332b7eceb34 (patch)
tree	b293793d65e1f1abbf4b5bc46d8d5c9484af1db4 /spec
parent	0a0cfdf965a253d4010afeb4ee9d83528ea16359 (diff)
parent	933b56691d4b95b642c19d91cbeccb098d3a1696 (diff)
download	gitlab-shell-e7ec27f5adb3bbc29520ef16272f7332b7eceb34.tar.gz